Apr 20, 2023
To generate a CSR (Certificate Signing Request) on a Microsoft Exchange Server 2007, you can use the Exchange Management Shell. Here are the basic steps: Note: The recommended key bit size is 2048-bit.

  1. Open the Exchange Management Shell on the server where you want to generate the CSR.
  2. Run the following command to create the private key for the CSR:      
Copy Code : New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, o=Your Organization, cn=yourdomain.com" -DomainName yourdomain.com, youralias.com -PrivateKeyExportable $true
    1. Country Name (C) : is the two-letter code for the country where your organization is officially registered.
    2. Locality or City (L) : is the city where your organization is legally located, without using any abbreviation.
    3. State or Province (S) : is the state or province where your organization is legally incorporated, without using any abbreviation.
    4. Organization Name (O) : is the complete legal name of your organization, including any corporate identifier.
    5. Common Name (CN) : is the Fully-qualified domain name that you want to secure with the SSL certificate, for example www.google.com, secure.website.org, *.domain.net etc.
    6. Domain Name (DN) : is any additional domains you want to secure under the same SSL certificate, separate them with a comma.
    7. The PrivateKeyExportable set to $true, allows to export the key pair and move the SSL certificate to another computer or device.
  1. Make sure to replace "Your Organization" and "yourdomain.com" with the appropriate information for your organization and domain.
  2. Run the following command to view the details of the certificate, including the request (CSR) in Base-64 encoded format:
Make sure to replace the thumbprint value with the actual thumbprint of the certificate.
  1. Copy the Base-64 encoded request (CSR) and provide it to the certificate authority (CA) that you are using to request the SSL certificate.
  2. Once the CA has issued the certificate, import the certificate with the following command:
Copy code : Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path "C:\Certificates\yourdomain.com.cer" -Encoding byte -ReadCount 0))
  1. Use the command Enable-ExchangeCertificate -Thumbprint XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -Services "IIS" to enable the certificate for IIS.
  2. Check the certificate status again with the command Get-ExchangeCertificate -Thumbprint  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | fl to check if all is good.
  3. finally configure IIS on the Exchange 2007 server to use the newly installed certificate.

Have any Questions


If you have any questions, feel free to call us