While implementing Exchange 2007 or Exchange 2010, often mistakes are made when requesting the SSL certificate. This can be an expensive issue. The company Digicert has made two Exchange CSR Command Wizards to help you create the right Powershell commands.
Via the following two links you can find the wizards
If you want to use Outlook 2007 or later with Exchange 2007 or later, always use the following subject alternative names with your own domain names:
- autodiscover.msexchangeblog.nl
- webmail.msexchangeblog.nl
- exchserver
- exchserver.msexchangeblog.local
If youy fill in the wizard and click on Generate the Powershell command will be generated. Just copy and paste the command in the Microsoft Exchange Management Shell en submit the request.
The command for Exchange 2010 looks like this:
Set-Content -path “C:\webmail_msexchangeblog_nl” -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName “c=NL, s=NBR, l=Breda, o=Microsoft Exchange Blog, ou=IT, cn=webmail.msexchangeblog.nl” -DomainName autodiscover.msexchangeblog.nl, exchserver.msexchangeblog.local, exchserver -PrivateKeyExportable $True)
The command for Exchange 2007 looks like this:
New-ExchangeCertificate -GenerateRequest -Path c:\webmail_msexchangeblog_nl.csr -KeySize 2048 -SubjectName “c=NL, s=NBR, l=Breda, o=Microsoft Exchange Blog, ou=IT, cn=webmail.msexchangeblog.nl” -DomainName autodiscover.msexchangeblog.nl, exchserver.msexchangeblog.local, exchserver -PrivateKeyExportable $True
After the CSR is created, request the certificate at an online Certificate Authority.
From the Certificate Authority you will receive the certificate, which you can install with the following commandline in Microsoft Exchange Management Shell;
import-exchangecertificate -path c:\webmail-msexchangeblog-nl.p7b