Solved

Renew Exchange 2010 certificate with Geotrust

Posted on 2013-06-12
Last Modified: 2013-07-27
I have used the Renew Certificate wizard in Exchange 2010 Management Console to create a .req file. Geotrust requests I cut & paste the contents of a CSR into their browser window. The .req file generated by Exchange is binary..???

How do I generate a CSR file in Exchange 2010, not a .req file..?

Many thanks in advance..

Mat
0
Question by:matedwards
11 Comments
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 1050 total points
ID: 39240596
You can open the .req file in notepad and copy the contents.

The steps are described on their own site:

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO14716&actp=search&viewlocale=en_US&searchid=1371033612198

You can also generate the CSR through a PowerShell command.

Start the Management Shell by going to Start > Programs > Microsoft Exchange 2010 > Exchange Management Shell

From the Exchange Management Shell command line, type the following:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$true
This command should be entered into the management shell as one line. Make sure to replace the details listed in this sample command with the details of your own organization as explained above.

Notice that the first domain name is listed inside the "-SubjectName" after "cn=" and additional domain names are added after the -DomainName parameter with commas between the additional domain names. You can add as many additional domain names as necessary.

Your CSR file will be printed to the management shell after running this command. To copy it from the management shell, you will need to right click and choose "mark". You can now paste the entire contents of the file, including the BEGIN and END tags to the DigiCert online order form when prompted.

If you want to create a CSR file automatically on your machine after running the CSR creation command, run the following line immediately after generating the file:
Set-Content -path "C:\your_CSR_name.csr" -Value $Data

http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
0
 

Author Comment

by:matedwards
ID: 39240930
I can't copy & paste the binary into the Geotrust webpage.. it gives an error.

Will creating a new CSR cause any problems to existing services.?

thanks again

Mat
0
 
LVL 9

Expert Comment

by:VirastaR
ID: 39240961
Hi,

Check this out!

Generate CSR Microsoft Exchange Server 2010
http://www.geocerts.com/csr/exchange_2010

Hope that helps :)
0

 

Author Comment

by:matedwards
ID: 39241040
Yep.. that is to create a new certificate.. will this impact on any existing services if it's not a renewed certificate.?

thanks

mat
0
 

Author Comment

by:matedwards
ID: 39241297
I have just increased the size of the font in Notepad to read the contents of the .req file and realised it is Mandarin or Cantonese..!! How do I change it to English..?

Notepad is working in English..

Apologies.. very confused..!!!
0
 

Author Comment

by:matedwards
ID: 39241776
There was one other experts-exchange user who had the same problem (Q_27582268).. the .req file is encoded in Base64..
I used this website to decode it (http://www.motobit.com/util/base64-decoder-encoder.asp) and then C&P it into Geotrust website.. then got an error stating it was a 1024 bit CSR and I should create a 2048 bit CSR..!!

Can a 2048bit csr only be done from the Exchange Management Shell..?

Thanks again

Mat
0
 

Accepted Solution

by:
matedwards earned 0 total points
ID: 39241818
I think I have found a solution..

Certificate Authorities (like Geotrust) will only accept 2048bit csr

In Exchange Management Shell type (all on one line):

Get-ExchangeCertificate -Thumbprint 'xxxxxxxxxxxxxxxx' | New-ExchangeCertificate -GenerateRequest -KeySize 2048 -PrivateKeyExportable $true


* where xxxxxxxxxxx is the thumbprint of your existing certificate. This can easily be found by right clicking the certificate in Exchange Management Console, selecting Open and then the Details tab.
* the -KeySize 2048 switch ensures the 2048 bit CSR even if your existing key is 1024bit.
* it also stopped the Base64 encoding problem encountered when using the GUI.
0
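The renewal command from the accepted solution, extended as an added example (not part of any post in this thread): it captures the request in a variable at generation time, which is what a later Set-Content call needs, saves it as ASCII text, and checks the format and key size before submission. `$Thumbprint`, `$OutFile` and the helper `Get-CsrFileFormat` are assumptions introduced here.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010).
# $Thumbprint and $OutFile are placeholders; substitute your own values.
$Thumbprint = '<thumbprint-of-existing-certificate>'
$OutFile    = 'C:\renewal.csr'

# Capture the request text instead of copying it out of the console window.
# -PrivateKeyExportable $true is kept from the thread; it allows the private
# key to be exported from this server later.
$Csr = Get-ExchangeCertificate -Thumbprint $Thumbprint |
    New-ExchangeCertificate -GenerateRequest -KeySize 2048 -PrivateKeyExportable $true

# Write plain ASCII so a CA web form receives ordinary PEM text.
Set-Content -Path $OutFile -Value $Csr -Encoding Ascii

# Hypothetical helper: classify a request file by its first bytes.
function Get-CsrFileFormat {
    param([Parameter(Mandatory = $true)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -eq 0) { return 'Empty' }
    $head = [System.Text.Encoding]::ASCII.GetString($bytes, 0, [Math]::Min(64, $bytes.Length))
    if ($head -match '^\s*-----BEGIN (NEW )?CERTIFICATE REQUEST-----') { return 'PEM' }
    if ($bytes[0] -eq 0x30) { return 'DER' }   # ASN.1 SEQUENCE tag: binary request
    return 'Unknown'
}

$format = Get-CsrFileFormat -Path $OutFile
if ($format -ne 'PEM') {
    Write-Warning "$OutFile is $format, not PEM text; a paste-in CA form will likely reject it."
}

# certutil ships with Windows; -dump decodes the request so the subject,
# alternative names and public key length can be checked before submitting.
certutil -dump $OutFile
```

The same helper can be pointed at a .req file produced by the console wizard to see whether it is PEM text or something else before pasting it into a CA form.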
 
LVL 10

Expert Comment

by:Senthil Kumar
ID: 39243637
I think I have already mentioned this in my post

"From the Exchange Management Shell command line, type the following:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$true"
0
 

Author Comment

by:matedwards
ID: 39243699
Thanks Kumar.. but that is to create a new certificate.. I needed to renew an existing certificate...
0
 
LVL 27

Expert Comment

by:MAS
ID: 39250844
As guided by Kumar you can create a new CSR, renew/reissue certificate, import certificate and assign services to the new certificate.
Please check these as well
1
2
0
 

Author Closing Comment

by:matedwards
ID: 39360126
To renew the certificate I had to generate the .csr from the EM command line.. as the EMC generated it in Base64. This I then submitted to the Certificate Authority. I then used the EMC GUI to import the new certificate and assign the services.
0


Question has a verified solution.
