This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2010. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Microsoft.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
NOTE: All certificates that will expire after October 2013 must have a 2048 bit key size.
To generate a CSR for Microsoft Exchange 2010, use the Exchange Certificate Wizard and perform the following steps:
1. Open the Exchange Management Console by going to:
Start > Programs > Microsoft Exchange 2010 > EMC.
2. Select Manage Databases
3. Select Server Configuration in the left menu, and then New Exchange Certificate from the
actions menu on the right.
4. When prompted for a friendly name, enter a name by which you can easily remember and
identify this certificate.
This name is used for identification only and does not form part of the CSR.
5. Under Domain Scope, leave the option to Enable wild card certificate unchecked and click Next.
NOTE: If you are requesting a Wildcard Certificate, select this option, click Next, and
proceed to Step 8.
6. In the Exchange Configuration menu, select the services that will be secured, and enter the
URLs used to connect to those services.
7. Click Next.
8. In the Certificate Domains section, Exchange 2010 will provide a list of domains to include
in your certificate request.
NOTE: RapidSSL enrollment pages will only recognize the URL that you Set as common name.
It is recommended that you delete / remove the other URLs in this list.
9. Click Next.
10. In the Organization and Location section, please provide the following information:
- Organization: If your company or department has an &, @, or any other symbol using
the shift key in its name, you must spell out the symbol or omit it to enroll, for example:
XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational unit: This field is the name of the department or organization unit making the request.
- Country/region: Use the two-letter code without punctuation for country, for example: US or CA.
- City/locality: The Locality field is the city or town name, for example: Berkeley.
- State/province: Spell out the state completely; do not abbreviate the state or province name, for example: California.
12. Click Browse to save the CSR to your computer as a .req file, then click Save.
13. Click Next > New > Finish.
14. You will now be able to open the CSR with notepad.
15. Proceed with Enrolment.
NOTE: During the enrolment open the file you created from the above steps and
copy the contents into the enrollment form when requested for the CSR.
Once the certificate has been issued, refer to this link for installation instructions: SO18078