The simplest way to generate a CSR for a UM SSL certificate for both Exchange 2007 and Exchange 2010 is to use a little powershell. The code is slightly different between the two.
Powershell code for Exchange 2007:
New-ExchangeCertificate -GenerateRequest -Path c:\exch-csr.csr -KeySize 2048 -SubjectName "c=US, s=State, l=City, o=Company, ou=IT, cn=server.domain.com" -DomainName server, server.domain.com, autodiscover.domain.com, server.altdomain.com, autodiscover.altdomain.com -PrivateKeyExportable $True
Powershell code for Exchange 2010:
Set-Content -path "C:\exch-csr" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, s=State, l=City, o=Company, ou=IT, cn=server.domain.com" -DomainName server, server.domain.com, autodiscover.domain.com, server.altdomain.com, autodiscover.altdomain.com -PrivateKeyExportable $True)
Now both end up putting the CSR in the file C:\exch-csr.csr, and you need to change the parameters to suit your organization.
You replace Company, City and State appropriately for your company name and location. You replace server.domain.com with your servers fully qualified domain name. Similarly the altdomain.com names would be replaced with any alternate domain names, or removed if you only have one.
Once you have the SSL certificate file issued by your provider, you can then install it using the following powershell code:
Powershell code for Exchange 2007:
Import-ExchangeCertificate -Path C:\domain_name.cer | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS"
Can be verified with:
Get-ExchangeCertificate -DomainName your.domain.name
Can change enabled certificate with:
Enable-ExchangeCertificate -ThumbPrint [from get-exchangecertificate] -Services "SMTP, IMAP, POP, IIS"
Powershell code for Exchange 2010:
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\domain_name.p7b -Encoding byte -ReadCount 0)) | Enable-ExchangeCertificate -Services "IIS,POP,IMAP,SMTP"