[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 297
  • Last Modified:

Generate new request for certificate

I have Exch. 2007 and 2008 srv., I wonder how can I install certificate for owa and Outlook access. I have installed Certificate authority role. Now I want to generate certification request but I do not how. In iis I have not found that and command "new-exchangecertificate ..." does not work. When I type it in cmd line, issue that command name is not located appier.
Could you help ?
2 Solutions
ParanormasticCryptographic EngineerCommented:
Here is the overview for using a self-signed cert for exchange 2007:

If you want to migrate to a public certificate, you can use this tool to create a valid request format to use in the Exchange Management Shell - fill in the form and the command will show up, and the instructions are at the bottom.

If you are using OWA you might consider getting a Unified Communications (UC) certificate for your exchange cert.  The output above will work for any commercial or internal CA.
"I have installed Certificate authority role"

The CA role is only necessary if you are going to issue internal certificates for use within the company.

"command "new-exchangecertificate ..." does not work. When I type it in cmd line, issue that command name is not located appier."

Just checking, but are you typing the command into the Exchange Management Shell, or just a command prompt? The command must be done from the Exchange Management Shell.

The link that Paranormastic has given you for Digicert's CSR generator is the one I use as well and you will paste the result it gives you directly into the Exchange Management Shell. It does not mean you have to buy the certificate from Digicert, you can use the CSR at any cert authority.

Once you create the CSR and buy your certificate from a cert authority, you will have to import it and set Exchange to use it for SMTP, IMAP and POP protocols. There is another Exchange Management Shell command for this.

In the Exchange Management Console, go to the top of the tree -> Microsoft Exchange. Click on the "Finalize Deployment" tab, and select "Configure SSL for your Client Access Server", and follow the instructions under Steps 2, 3 and 4.

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now