Certificate Signing Request (CSR) Generation Instructions for Microsoft Exchange 2010

Solution ID:    SO14717    Updated:    07/25/2013


This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2010. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Microsoft. 

NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

NOTE: All certificates that will expire after October 2013 must have a 2048 bit key size.

To generate a CSR for Microsoft Exchange 2010, use the Exchange Certificate Wizard and perform the following steps:

    1.    Open the Exchange Management Console by going to:
           Start > Programs > Microsoft Exchange 2010 > EMC.
    2.    Select Manage Databases


    3.    Select Server Configuration in the left menu, and then New Exchange Certificate from the 
           actions menu on the right.
    4.    When prompted for a friendly name, enter a name by which you can easily remember and
           identify this certificate. 
           This name is used for identification only and does not form part of the CSR.
    5.    Under Domain Scope, leave the option to Enable wild card certificate unchecked and click Next.
           NOTE: If you are requesting a Wildcard Certificate, select this option, click Next, and
           proceed to Step 8.
    6.    In the Exchange Configuration menu, select the services that will be secured, and enter the
           URLs used to connect to those services.  
    7.    Click Next.
    8.    In the Certificate Domains section, Exchange 2010 will provide a list of domains to include
           in your certificate request.  
           NOTE: RapidSSL enrollment pages will only recognize the URL that you Set as common name.  
           It is recommended that you delete / remove the other URLs in this list. 
    9.    Click Next.
  10.    In the Organization and Location section, please provide the following information:


    • Organization: If your company or department has an &, @, or any other symbol using
      the shift key in its name, you must spell out the symbol or omit it to enroll, for example:
      XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
    • Organizational unit: This field is the name of the department or organization unit making the request.
    • Country/region: Use the two-letter code without punctuation for country, for example: US or CA.
    • City/locality: The Locality field is the city or town name, for example: Berkeley.
    • State/province: Spell out the state completely; do not abbreviate the state or province name, for example: California.
  11.    Click Next.
  12.    Click Browse to save the CSR to your computer as a .req file, then click Save. 
  13.    Click Next > New > Finish.
  14.    You will now be able to open the CSR with notepad.
  15.    Proceed with Enrolment.
           NOTE: During the enrolment open the file you created from the above steps and 
           copy the contents into the enrollment form when requested for the CSR.


Once the certificate has been issued, refer to this link for installation instructions: SO18078


RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Knowledge Center

Search Tips