Export (0) Print
Expand All

Create a Digital Certificate Request

 

Applies to: Exchange Server 2013

Topic Last Modified: 2013-02-21

In Exchange Server 2013, you can manage certificates using the EAC or the Shell. The EAC includes a new certificate management user interface. Through this new UI, you can create a new certificate, edit an existing certificate, or remove a certificate.

  • Estimated time to complete: 10 minutes plus time for the certification authority response.
  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Client Access server security" entry in the Clients and Mobile Devices Permissions topic.
  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.
tipTip:
Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

  1. In the EAC, navigate to Servers > Certificates.
  2. In the Select server list, select the server for which you want to create a certificate, and then click Add Add Icon.
  3. In the New Exchange certificate wizard, choose either Create a request for a certificate from a certification authority or Create a self-signed certificate, and then select Next.
  4. Enter a friendly name for the certificate and select Next.
  5. If you didn’t choose a self-signed certificate and you want a wildcard certificate, select the box marked Request a wildcard certificate, enter the root domain, for example *.contoso.com, and then select Next. If you chose a self-signed certificate, skip this step.
  6. Select the servers that you want to apply this certificate to and select Next.
  7. Specify the domains you want to be included in your certificate and then select Next.
  8. Verify that the included domains are correct. If you chose a self-signed certificate, select Finish. Otherwise select Next.
  9. Enter your organization name, department name, city or locality, state or province, and country or region, and then select Next.
  10. Enter a location to save the certificate request and select Finish.

If you didn’t select a self-signed certificate, you’ll need to send the certificate request file to the certification authority for processing.

Run the following commands.

$reqfile = New-ExchangeCertificate -GenerateRequest -SubjectName "C=US,o=Contoso,cn=contosotocert" -DomainName "contoso.com" -PrivateKeyExportable $true
$reqfile | out-file c:\certreq.txt

If you created a self-signed certificate, the newly created certificate will appear in the certificate management UI. If you created a certificate request from a certification authority, the certificate request file will be in the location you specified. Send this file to the certification authority.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft