Exchange 2010 CSR Command Wizard

Create a CSR with the Exchange 2010 Powershell. Fill in the requested information, then click Generate.
You can copy your CSR command from the Information box on the right.

Note:    After 2015, certificates for internal names will no longer be trusted.

Certificate Details
Common Name:
Subject Alternative
State / Province:
Key Size:
Making your CSR is easy!

It looks like JavaScript is disabled in your browser. If you enable JavaScript, this panel will show helpful information as you switch from field to field.
Common Name (required)

Your Exchange server's fully qualified domain name. If you are not sure what name to use, please refer to the notes below.

To secure, your common name or one of your subject alternative names must be

Less commonly, you may also enter the public IP address of your server.
Subject Alternative Names (optional)

One per line, or comma separated, either way is fine.

Microsoft recommends including your Exchange server's full public domain name (eg and

If your company has a separate internal active diretory domain you can also include the names users will connect with to access their mail (e.g.,
Department (optional)

Many people leave this field blank. This is the department within your organization which you want to appear in the certificate. It will be listed in the certificate's subject as Organizational Unit, or "ou."

Common examples:

  • Web Administration
  • Web Security
  • Marketing
  • Engineering
  • Information Technology

The city where your organization is legally located.
State or Province

The state or province where your organization is legally located.

We guessed your country based on your IP address, but if we guessed wrong, please choose the correct country. If your country does not appear in this list, there is a chance we cannot issue certificates to organizations in your country.
Organization name

The exact legal name of your organization. Example: "DigiCert, Inc."

Less commonly, if you do not have a legal registered organization name, you must enter your own full name here.
Key Size

Key sizes smaller than 2048 are considered insecure.
Now just copy and paste this command into Exchange Management Shell. Your CSR will be written to .\\###FILE###.txt.
Learn more about SSL for Exchange Where do I paste this command?

Run the command in the Exchange Management Shell on your server:

  1. Login to your Exchange 2010 server
  2. Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Shell
  3. Paste the New-ExchangeCertificate command from this page into the Exchange Management Shell window and press Enter
  4. Your CSR file will appear in text format in the Exchange Management Shell.

    You can copy that text by right clicking in the shell window and selecting mark, and then highlighting the entire body of text, including the Begin and End Certificate Request tags.

What Subject Alternate Names Should I Include?

Our page on choosing SAN names in Exchange 2010 can help you know what names to include in your certificate request.

What kind of SSL certificate should I buy?

When you want SSL for Exchange 2010, your choices are usually Single Certificates and Multi-Domain (SAN) Certificates.

Multi-Domain (SAN) Certificates allow you to include Subject Alternative Names in your SSL Certificate so you can protect multiple URLs with just one certificate. Microsoft recommends Multi-Domain (SAN) Certificates because they greatly simplify your SSL configuration.

2 Years $883 4 names, additionals $300 each (You Save 10%) Buy Now
1 Year $465 4 names, additionals $158 each Buy Now

Single Certificates do not contain Subject Alternative Names so they are only able to protect one server name, such as If you only use one server name for you Exchange server, a single certificate will work perfectly.

Per Year Pricing
2 Years $226 per year ($452) (You Save 10%) Buy Now
1 Year $238 Buy Now

What should you use as the Common Name?

Use the fully qualified domain name of your Exchange server--the name clients use when connecting to the server, such as

If you'll be using mobile devices to connect to Exchange, you may want to read about Subject Alternative Name compatibility for more details.