To create a Certificate Signing Request (CSR) in Exchange 2007 use the cmdlet New-ExchangeCertificate.
NOTE: Do not use the IIS console or the MMC snap-in because it will not work with Exchange 2007!
The GenerateRequest parameter for this cmdlet will generate the CSR as a PKCS#10 file. The GenerateRequest parameter contains all the details mentioned in the certificate. The CN (Common Name) parameter is the domain name.
Step 1: Start the Exchange Management Shell
Start the Exchange Management Shell as an administrator on the server where you want to install the actual SSL Certificate.
- Start
- All Programs
- Microsoft Exchange Server 2007
- Exchange Management Shell
Step 2: Generate the Certificate Signing Request
If you want to use the SSL certificate in combination with Outlook Anywhere, Outlook Web Access and the autodiscovery functionality, you need to specify additional information when creating the Certificate Signing Request.
For both Outlook Anywhere and Outlook Web Access the name webmail.hereyourname.com is used. Because the autodiscover functionality will be used, you should also specify autodiscover.hereyourname.com in the certificate. Also, the local server name should be included in the certificate. This local name will Exchange Outlook use for internal communication.
To create a Certificate Request Signing with Autodiscovery and an internal communication over SSL, you must use the following command.
New-ExchangeCertificate -DomainName autodiscover.hereyourname.com -Force
-FriendlyName Yourname
-GenerateRequest:$True
-Keysize 2048
-Path c:/csr.txt
-privatekeyExportable:$true
-SubjectName "C=NL, O=Hereyourcompany, L=Hereyourcity,
S=Hereyourprovince, CN=mail.hereyourname.com"
However, if you just like to secure Outlook Anywhere and Outlook Web Access with an SSL Certificate you can use the following command (In this case, you can use the normal Pro SSL Certificate).
New-ExchangeCertificate -DomainName mail.hereyourname.com
-Force
-FriendlyName Yourname
-GenerateRequest:$True
-Keysize 2048
-Path c:/csr.txt
-privatekeyExportable:$true
-SubjectName "C=NL, O=Hereyourcompany, L=Hereyourcity,
S=Hereyourprovince, CN=mail.hereyourname.com"
Now the file c:/csr.txt will be created. This is the CSR file.
Open CSR file with Notepad or Wordpad, copy all and paste into this tool can test CSR is valid and accurate or not: https://cryptoreport.websecurity.symantec.com/checker/views/csrCheck.jsp
Copy the entries of CSR file and send it to VietNamHost , or paste it to the online SSL order screen on VietNamHost website.
After you receive your SSL Certificate from VietNamHost, you can install it.
See Microsoft Exchange 2007 SSL Installation Instructions.
