Certificate Signing Request (CSR) Generation Instructions for Microsoft Exchange 2010

Solution ID:    SO13593    Updated:    09/15/2015

Solution

 
This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2010. If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.
 

Watch a video demo to easily generate a Certificate Signing Request (CSR) on a Microsoft Exchange 2010 server
 
 

 


To generate a CSR for Microsoft Exchange 2010, use the Exchange Certificate Wizard and perform the following steps:

  1. Open the Exchange Management Console (EMC) by going to
    Start > Programs > Microsoft Exchange 2010 > Exchange Management Console.
     
  2. Select Manage Databases


     
  3. Select Server Configuration in the left menu, and then New Exchange Certificate from the actions menu on the right.
     
  4. When prompted for a friendly name, enter a name by which you can easily remember and identify this certificate. This name is used for identification only and does not form part of the CSR.
     
  5. Under Domain Scope, leave the option to Enable wild card certificate unchecked and click Next.
    NOTE: If you are requesting a Wildcard Certificate, select this option, click Next, and proceed to Step 8.
     
  6. In the Exchange Configuration menu, select the services that will be secured, and enter the URLs used to connect to those services. 
     
  7. Click Next.
     
  8. In the Certificate Domains section, Exchange 2010 will provide a list of domains to include in your certificate request.  
    NOTE: Symantec enrollment pages will only recognize the URL that you Set as common name.  It is recommended that you delete / remove the other URLs in this list. You will need to manually enter these URLs as Subject Alternative Names (SANs) when enrolling for the certificate (see solution SO12322).
     
  9. Click Next.
     
  10. In the Organization and Location section, please provide the following information:


     
    • Organization: If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
    • Organizational unit: This field is the name of the department or organization unit making the request.
    • Country/region: Use the two-letter code without punctuation for country, for example: US or CA.
    • City/locality: The Locality field is the city or town name, for example: Berkeley.
    • State/province: Spell out the state completely; do not abbreviate the state or province name, for example: California.

       
  11. Click Next.
     
  12. Click Browse to save the CSR to your computer as a .req file, then click Save.
     
  13. Click Next > New > Finish.
     
  14. You will now be able to open the CSR with notepad. Copy everything from the first - of the BEGIN line right through to the last - of the END line into the online order form.
     
  15. Verify your CSR
     
  16. Proceed with Enrolment.

    NOTE: During the enrolment open the file you created from the above steps and copy the contents into the enrollment form
    when requested for the CSR.

     

To enroll for Certificate using Subject Alternative Names, follow the steps from this solution: SO12322

Once the certificate has been issued, follow the steps from this link to install the certificate on your server: SO13594

 

Disclaimer:

Terms of use for this information are found in Legal Notices

Contact Support

Find Answers