Exchange 2007 SSL CSR Command Wizard(The faster way to make your CSR in Exchange 2007)
Looking to generate a CSR for Exchange 2010? Try this link.
Fill in the details, click Generate, then copy your CSR command into Exchange Management Shell.
Note: After 2015, certificates for internal names will no longer be trusted.
Common Name (required)
Your Exchange server's fully qualified domain name. If you are not sure what name to use, please refer to the notes below.
To secure mail.example.com, your common name or one of your subject alternative names must be mail.example.com.
Less commonly, you may also enter the public IP address of your server.
For Wildcard certificates, enter your common name as *.example.com, and leave the SAN field blank.
Subject Alternative Names (optional)
One per line, or comma separated, either way is fine.
Microsoft recommends including your Exchange server's full public domain name (eg mail.yourdomain.com) and autodiscover.yourdomain.com.
If your company has a separate internal active diretory domain you can also include the names users will connect with to access their mail (e.g. mail.internaldomain.com, CAS.internaldomain.com).
Many people leave this field blank. This is the department within your organization which you want to appear in the certificate. It will be listed in the certificate's subject as Organizational Unit, or "ou."
The city where your organization is legally located.
State or Province
The state or province where your organization is legally located.
Your IP appears to be in the USA, so we've provided a States dropdown list for your convenience. But if you're creating a CSR for a location outside of the USA, you can enter anything into the list. It will accept any state name you type.
We guessed your country based on your IP address, but if we guessed wrong, please choose the correct country. If your country does not appear in this list, there is a chance we cannot issue certificates to organizations in your country.
The exact legal name of your organization. Example: "DigiCert, Inc."
Less commonly, if you do not have a legal registered organization name, you must enter your own full name here.
Key sizes smaller than 2048 are considered insecure.
Now just copy and paste this command into Exchange Management Shell. Your CSR will be written to c:\\###FILE###.csr.
Run the command in the Exchange Management Shell on your server:
- Login to your Exchange 2007 server
- Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell
- Paste the New-ExchangeCertificate command from this page into the Exchange Management Shell window and press Enter
- Your CSR file should now be in C:\ on your server (as named by the -Path option in the command itself.)
If you have questions, see our page on choosing your SAN names.What kind of SSL certificate should you buy?
SAN Certificates give you control of the Subject Alternative Name field so you can protect multiple URLs with just one certificate. Microsoft recommends Unified Communications Certificates because they greatly simplify your SSL configuration.
|3 Years||$719||4 names, additional names $99 each||(You Save 20%)||Buy Now|
|2 Years||$539||4 names, additionals $79 each||(You Save 10%)||Buy Now|
|1 Year||$299||4 names, additionals $49 each||Buy Now|
Single Certificates do not contain Subject Alternative Names so they are only able to protect one server name, such as mail.example.com. If you only use one server name for you Exchange server, a single certificate will work perfectly.
|Per Year Pricing|
|3 Years||$139 per year||($419)||(You Save 20%)||Buy Now|
|2 Years||$157 per year||($315)||(You Save 10%)||Buy Now|
|1 Year||$175||Buy Now|
What should you use as the Common Name?
Use the fully qualified domain name of your Exchange server--the name clients use when connecting to the server, such as mail.example.com.
If you will be using mobile devices to connect to Exchange, you may want to read about Subject Alternative Name compatibility for more details.