Generate a CSR | Microsoft Exchange 2007 | Globalsign.com
By using the Exchange Management Shell, you can create a certificate request. You define all the DNS host names of the Client Access servers in the GlobalSign web form. The certificate then lets users connect to services such as Outlook Anywhere, Autodiscover, POP3 and IMAP4, or Unified Messaging through the host names listed in its Subject Alternative Names (SANs) attribute.
- During the online enrollment process you will be required to provide GlobalSign with a Certificate Signing Request (CSR). This encoded data is generated from within the Exchange Management Shell and contains information about your company and Web server.
- The CSR must contain the following attributes and their values:
  - Country (c)
  - Organization Name (o)
  - Common Name (cn)
  - State (s)
  - Locality (l)
- The company listed in the Organization Name (o) must own the domain name that appears in the Common Name (cn) field of the CSR.
- The Common Name must be identical to the fully qualified domain name of the site for which you are requesting a certificate, for example mail.globalsign.com.
- Do not use the following characters in any of the fields in the Exchange Management Shell: > < ! @ # $ % ^ * ( ) ~ ? / \. &
- Open the CSR text file you created in step 1 (c:\mail1.globalsign.req) in a simple text editor, such as Notepad. You will need the contents of this file during the SSL certificate purchase process. Below is an example of what your CSR will look like.
- Purchase the certificate. Go to http://www.globalsign.com/digital_certificate/extended_validation_ssl/index.htm and select the appropriate options.
- Submit the contents of the CSR. During the purchase process you will be asked to copy and paste the contents of the CSR file into a box, then complete the certificate request form and wait to be contacted by a member of staff.
To generate a certificate request, use the New-ExchangeCertificate cmdlet with the -GenerateRequest parameter, together with the -Path parameter to define where the request file will be created. The resulting file will be a PKCS#10 request (.req) file.
This example generates a certificate request for the Exchange server mail1. The CN of the Subject Name contains the fully qualified domain name (FQDN) of the server:
New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=GlobalSign Ltd, cn=mail.globalsign.com, s=State/Region, l=Locality" -privatekeyexportable $true -Path c:\certificates\mail1.globalsign.req
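A pre-flight check for the rules listed on this page, as an added example that is not part of the GlobalSign page: it validates the subject string for the required attributes, the characters to avoid and an FQDN-shaped cn before calling New-ExchangeCertificate, then decodes the request with certutil so the subject can be confirmed. Test-CsrSubject, the s= and l= values and the reading of the character list (without '.') are assumptions; run it in the Exchange Management Shell.

```powershell
# Added example. Test-CsrSubject is a hypothetical helper, not an Exchange cmdlet.
function Test-CsrSubject([string]$SubjectName) {
    $required  = 'c', 'o', 'cn', 's', 'l'
    # Characters the page says to avoid. Assumption: '.' is allowed, because the
    # host name in cn needs it.
    $forbidden = '[><!@#$%^*()~?/\\&]'
    $fqdn      = '^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$'
    $problems  = @()
    $fields    = @{}

    # Split "c=US, o=..., cn=..." into attribute/value pairs.
    foreach ($pair in $SubjectName.Split(',')) {
        $kv = $pair.Split([char[]]'=', 2)
        if ($kv.Length -ne 2) { $problems += "Malformed component '$pair'"; continue }
        $fields[$kv[0].Trim().ToLower()] = $kv[1].Trim()
    }
    foreach ($name in $required) {
        if ((-not $fields.ContainsKey($name)) -or ($fields[$name] -eq '')) {
            $problems += "Missing attribute '$name'"
        } elseif ($fields[$name] -match $forbidden) {
            $problems += "Forbidden character in '$name' value '$($fields[$name])'"
        }
    }
    # The Common Name must be the site's fully qualified domain name.
    if ($fields.ContainsKey('cn') -and ($fields['cn'] -notmatch $fqdn)) {
        $problems += "cn '$($fields['cn'])' is not a fully qualified domain name"
    }
    return $problems
}

# Constructed values for s= and l=; replace with your own.
$subject = 'c=US, o=GlobalSign Ltd, cn=mail.globalsign.com, s=ExampleState, l=ExampleCity'
$path    = 'c:\certificates\mail1.globalsign.req'

$problems = @(Test-CsrSubject $subject)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    # The private key stays in this server's certificate store; only the .req is submitted.
    New-ExchangeCertificate -GenerateRequest -SubjectName $subject -PrivateKeyExportable $true -Path $path
    # Decode the PKCS#10 file and confirm the subject before pasting it into the form.
    certutil -dump $path
}
```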
The following items are necessary for the certificate to work correctly.

