Aug27

Written by:David Aldridge
8/27/2010 1:05 PM 

The simplest way to generate a CSR for a UM SSL certificate for both Exchange 2007 and Exchange 2010 is to use a little powershell.  The code is slightly different between the two.

Powershell code for Exchange 2007:
New-ExchangeCertificate -GenerateRequest -Path c:\exch-csr.csr -KeySize 2048 -SubjectName "c=US, s=State, l=City, o=Company, ou=IT, cn=server.domain.com" -DomainName server, server.domain.com, autodiscover.domain.com, server.altdomain.com, autodiscover.altdomain.com -PrivateKeyExportable $True

Powershell code for Exchange 2010:
Set-Content -path "C:\exch-csr" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=State, l=City, o=Company, ou=IT, cn=server.domain.com" -DomainName server, server.domain.com, autodiscover.domain.com, server.altdomain.com, autodiscover.altdomain.com -PrivateKeyExportable $True)

Now both end up putting the CSR in the file C:\exch-csr.csr, and you need to change the parameters to suit your organization.

You replace Company, City and State appropriately for your company name and location.  You replace server.domain.com with your servers fully qualified domain name.  Similarly the altdomain.com names would be replaced with any alternate domain names, or removed if you only have one.

Once you have the SSL certificate file issued by your provider, you can then install it using the following powershell code:

Powershell code for Exchange 2007:
Import-ExchangeCertificate -Path C:\domain_name.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"

Can be verified with:
Get-ExchangeCertificate -DomainName your.domain.name

Can change enabled certificate with:
Enable-ExchangeCertificate -ThumbPrint [from get-exchangecertificate] -Services "SMTP, IMAP, POP, IIS"

Powershell code for Exchange 2010:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\domain_name.p7b -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS,POP,IMAP,SMTP"

Tags:

Your name:
Your email:
(Optional) Email used only to show Gravatar.
Your website:
Title:
Comment:
Security Code
Enter the code shown above in the box below
Add Comment  Cancel 
You must be logged in and have permission to create or edit a blog.