How to Generate a CSR on Microsoft Exchange Server?
Steps to Generate CSR on Microsoft Exchange Server
Generating a CSR in Microsoft Exchange Server is an important step in securing your server and protecting your customer’s sensitive information as it is required to install the SSL Certificate on the Exchange Server.
There are two ways you can generate the CSR and Private Key
- Use our Free CSR Generator Tool
- User Exchange Management Shell
- Use Exchange Management Console
Steps to Generate CSR in Exchange Server using Exchange Management Shell
- Open the Exchange Management Shell as an administrator.
- Run the following command to create a new CSR:
New-ExchangeCertificate -GenerateRequest -KeySize <key size> -SubjectName "CN=<fully qualified domain name>" -DomainName <domain names> -PrivateKeyExportable $true -Path "<file path and name>.csr"
- Replace <key size> with the desired key size for the certificate (e.g., 2048 or 4098)
- <fully qualified domain name> with the fully qualified domain name for your server (e.g., mail.example.com)
- <domain names> with a comma-separated list of domain names that will be included in the certificate (e.g., mail.example.com, autodiscover.example.com)
- <file path and name> with the location in your system where you wish to save the CSR file.
- Enter a password to protect the private key generated with the CSR.
- Review the CSR to ensure that it contains the correct information by running the following command:
Get-Content "<file path and name>.csr"
This will display the contents of the CSR file in the Exchange Management Shell.
- Submit the CSR to the CA (Certificate Authority) to issue an SSL certificate for your Exchange server.
Note: It is important to secure the Private Key generated with the CSR, as it will be needed to install the SSL/TLS certificate on your Exchange server.
Steps to Generate CSR in Exchange Server with Exchange Management Console
- Open Exchange Management Console.
- Click on the Manage Databases tab
- Select Server Configuration
- Right-click on the server where you want to generate the CSR
- Select New Exchange Certificate
- In the Exchange Certificate Wizard > Select “Create a request for a certificate from a certification authority“.
- Click Next
- Add a Name for the certificate
- Click Next
- Select the Server where you want to install the certificate, then click Next.
- Enter the organization and department information for your company
- Click Next
- Select the services you want to secure with the certificate (e.g., SMTP, POP, IMAP, etc.)
- Click Next
- Choose a location to save the CSR file
- Click Next
- Review the information on the “Completing the New Exchange Certificate Wizard” page.
- Click Finish
After receiving the signed certificate, you can install it on your Exchange Server using the Exchange Management Shell or the Exchange Admin Center.