Exchange Server 2010: Generate CSRs (Certificate Signing Requests)
To complete your online request form for an SSL, you need a Certificate Signing Request (CSR). Follow these instructions to generate a CSR for your website. After you generate your CSR, copy and paste it into the CSR field on the SSL certificate request page.
To Generate your Certificate Signing Request — Exchange Server 2010
- Start the Exchange Management Console by selecting Start, All Programs, Microsoft Exchange Server 2010, and then Exchange Management Console.
- Click + next to Microsoft Exchange On-Premises to expand the list of services.
- Select Server Configuration, and then select New Exchange Certificate.
- Enter a friendly name to identify this certificate, and then click Next.
- In the Domain Scope section, do one of the following:
- If your CSR is for a wildcard, select Enable wildcard certificate, enter the root domain name for your wildcard certificate, and then click Next.
- If your CSR is not for a wildcard certificate, click Next without selecting anything.
Note: If your CSR is for a wildcard certificate, skip the next step.
- In the Exchange Configuration section, select the following services you want to run securely, and then click Next:
Note: You need to know exactly how your server is configured to select the services you need to run.
- Sharing — Select if you want to use your certificate for Federated Delegation.
- Client Access server (Outlook Web App) — Select if you have Outlook Web App on the Internet, and then enter the domain names you use to access Outlook Web App.
- Client Access server (Exchange ActiveSync) — Select if ActiveSync is enabled, and then enter the domain name you use to access ActiveSync.
- Client Access server (Web Services, Outlook Anywhere, and Autodiscover) — Select if you are using Exchange Web Services or Outlook Anywhere, and then enter the host name for your organization. You also need to select if you want the Autodiscover service for the Internet. If you do, select a long or short URL, and then enter the domain name you use to access it.
- Client Access server (POP/IMAP) — Select if you are using POP/IMAP services internally and/or externally. Enter the domain name you use to access both POP and IMAP services.
- Unified Messaging server — Select if you want to use a Self-signed or Public certificate with Unified Messaging, and then enter the fully qualified domain name (FQDN) you use for your Unified Messaging servers.
- Hub Transport server — Select if you want to use mutual TLS to help secure Internet mail or if you want to use the server for POP/IMAP client submission. For either selection, you need to enter the FQDN of your server.
- Legacy Exchange Server — Select if you want to use your legacy domain names and then enter the domain name associated with your legacy servers.
- Select the common name (the primary name on the certificate), click Set as common name, and then click Next.
- Complete the following fields, and then click Next:
- Organization — The full legal name of your company or organization.
- Organization unit — The organization within the company responsible for the certificate.
- Country/Region — Select the country were the organization is legally registered.
- City/locality — The full name of the city where your organization is registered.
- State/province — The full name of the state or province where your organization is registered. If you do not have a state or province, enter your city information.
- Click Browse to save the CSR to your computer.
- Locate where you want to save the file, enter a File name, and then click Save.
- From the New Exchange Certificate section click Next, New, and then Finish.
- Locate, copy, and paste the CSR into our online application.
- To get a copy right click on the .req file, select Open With, and then select a text editor like Notepad.
- Paste all of the text, including ----BEGIN NEW CERTIFICATE REQUEST---- and ----END CERTIFICATE REQUEST----, in our online request form.
Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.