Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
picture of tbs certificates
picture of tbs certificates
Our products range

Generate a CSR for Microsoft Exchange 2010 - 2013 - 2016 - 2019

In Exchange 2010, Microsoft wanted all the communications to be secured by SSL. It a quasi-complete success and the server is delivered with a self-signed certificate.

For a normal functioning the self-signed certificate has to be replaced by a certificate recognized by web browsers and mobile platforms. You'll have to do the stocktaking of FQDN/SAN you'll need to smooth the services functioning with certificates.

Look for:
  • the external and/or internal FQDN for Outlook Web Access
  • the external and/or internal FQDN for Exchange ActiveSync
  • the external and/or internal FQDN for Autodiscover, Outlook Anywhere, Web Services
  • the external and/or internal FQDN for POP, IMAP
  • the external and/or internal FQDN for Unified Messaging Server
  • the external and/or internal FQDN for Hub Transport Server
  • the external and/or internal FQDN for Federation Sharing
Warning: The use of certificates containing an internal name (xxx.local, yyy.priv, computer name) or a domain not registered or not controlled by IANA is frowned upon by the CA / Browsers Forum and is no longer accepted by any authority on 1 Nov 2015 (further information).

We recommend Multi-San certificates for this type of service to be secured, see our comparison table here: Comparison of server SSL certificates with SANs

Once your needs are identified, follow the instructions below or use Microsoft new wizard in Exchange Management Console, at the Server Organization root, New Exchange Certificate.

1- Prepare your order

  • Make sure you are connected to your Exchange server as administrator.
  • Do not enter comma in the fields of your CSR (commas are interpreted as separators).
  • Only use standard characters (letters from A to Z, numbers, dash) in your websites' names. Do not use accent nor ! @ # $ % ^ * ( ) ~ ? > < & / \

2- Generate your CSR

  • Launch the New-ExchangeCertificate (in the powershell)
  • generate a CSR with the following command filled with your information. Put the main name of your server in CN=
    First of all launch the following command line:
    $Data = New-ExchangeCertificate -GenerateRequest -SubjectName 
      "C=FR, O=My Company Inc, L=Lyon, ST=Rhone," 

    you can also use our tool to generate the command line:CSR Creation Assistance

    This command will store your CSR in a $Data variable
  • They, we export the CSR to a file using the following command:
    Set-Content -path "C:\" -Value $Data
  • It is not necessary (actually we advise not to) to include the other SANs of the certificate here, you'll do it on our web form.

3- Finalize the order process

  • Place your request on our website using the appropriate link. See Access an order form
  • Copy/paste the CSR file content in the form.

In case of a renewal

If you want to renew your SSL certificate with Exchange 2010, you'd better not use the "Renew" function of the Exchange 2010 management console (EMC). Indeed, it generates CSR in binary format that is not compatible with the standard X509 text format used by almost all suppliers. See Renew a certificate with Exchange 2010

See also:

Additional information

N.B.: Using a certificate using a reserved IP or a local name (xxx.local, machine_name) is desapproved by the CA / Browsers Forum and will soon cease to be accepted by certification authorities (more information).