Generating a Certificate Signing Request (CSR) - Exchange Server 2007 Generating a Certificate Signing Request (CSR) - Exchange Server 2007

Generating a Certificate Signing Request (CSR) - Exchange Server 2007

When generating a UCC CSR, you must provide the country, city, state, company name, and the additional domains that you want included in the resulting UCC certificate. The following is an example of the command you would enter using the Exchange Manage Shell utility:

New-ExchangeCertificate -generaterequest -keysize 2048 -subjectname "c=Your Country, l=Your Locality/City, s=Your State, o=Your Corporation Name,cn=YourMainDomain.com" -domainname SubjectAlternativeName1, SubjectAltName2, SubjectAltName3, SubjectAltName4 -PrivateKeyExportable $true -path c:\certrequest.txt

Where:

  • c - Two-letter country code of your organization's country of residence
  • l - Full name of your organization's locality or city
  • s - Full name of your organization's state or province
  • o - Your Organization's legally registered name (company or person's first and last name)
  • cn - The first/main Fully Qualified Domain Name (FQDN) to be secured that will always be visible in the certificate details
  • -domain - The comma-separated list of additional domains that will be included in your certificate and referred to as Subject Alternative Names (SANs). The SAN field is not exposed through Exchange directly. You can view it only in Certificate Manager in MMC or through the Internet Information Services (IIS) Manager. Certificates bound to a website, such as those used by IIS for Outlook Web Access, Exchange ActiveSync, or Autodiscover, are also viewable in IIS Manager.

NOTE: -domainname attribute is not required to be completed during the CSR generation process. Our SSL Management console allows you to manage the SANs without generating new CS's each time you want to add or remove a SAN.

  • -PrivateKeyExportable $true - If you have to export a copy of the requested certificate to import it to a client computer or another server computer, you must use the -privatekeyexportable $true parameter when you create the request
  • -path c:\certrequest.txt - The complete path and filename where the resulting CSR file will be placed when generated

For more information, see Certificate Use in Exchange Server 2007.

Generating a Certificate Signing Request (CSR) - Exchange Server 2007 Generating a Certificate Signing Request (CSR) - Exchange Server 2007

Send a message


© ASTEHOST 2006 - 2021