Solved

Renew Exchange 2010 certificate with Geotrust

Posted on 2013-06-12
Last Modified: 2013-07-27
I have used the Renew Certificate wizard in Exchange 2010 Management console to create a .req file. Geotrust requests I cut & paste the contents of a CSR into their browser window. The .req file generated by Exchange is binary..???

How do I generate a csr file in Exchange 2010 not a .req file..?

Many thanks in advance..

Mat
Question by:matedwards
11 Comments
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 350 total points
ID: 39240596
You can open the .req file in notepad and copy the contents.

Steps are mentioned in their own site itself

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO14716&actp=search&viewlocale=en_US&searchid=1371033612198

You can also generate the CSR through a PowerShell command

Start the Management Shell by going to Start > Programs > Microsoft Exchange 2010 > Exchange Management Shell

From the Exchange Management Shell command line, type the following:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$true
This command should be entered into the management shell as one line. Make sure to replace the details listed in this sample command with the details of your own organization as explained above.

Notice that the first domain name is listed inside the "-SubjectName" after "cn=" and additional domain names are added after the -DomainName parameter with commas between the additional domain names. You can add as many additional domain names as necessary.

Your CSR file will be printed to the management shell after running this command. To copy it from the management shell, you will need to right click and choose "mark". You can now paste the entire contents of the file, including the BEGIN and END tags to the DigiCert online order form when prompted.

If you want to create a CSR file automatically on your machine after running the CSR creation command, run the following line immediately after generating the file
Set-Content -path "C:\your_CSR_name.csr" -Value $Data

http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
 

Author Comment

by:matedwards
ID: 39240930
I can't copy & paste the binary into the Geotrust webpage.. it gives an error.

Will creating a new csr cause any problems to existing services.?

thanks again

Mat
 
LVL 9

Expert Comment

by:VirastaR
ID: 39240961
Hi,

Check this out!

Generate CSR Microsoft Exchange Server 2010
http://www.geocerts.com/csr/exchange_2010

Hope that helps :)

Author Comment

by:matedwards
ID: 39241040
Yep.. that is to create a new certificate.. will this impact on any existing services if it's not a renewed certificate.?

thanks

mat
 

Author Comment

by:matedwards
ID: 39241297
I have just increased the size of the font in Notepad to read the contents of the .req file and realised it is Mandarin or Cantonese..!! How do I change it to English..?

Notepad is working in English..

Apologies.. very confused..!!!
 

Author Comment

by:matedwards
ID: 39241776
There was one other experts-exchange user who had the same problem (Q_27582268).. the .req file is encoded on Base64..
I used this website to decode it (http://www.motobit.com/util/base64-decoder-encoder.asp) and then C&P it into Geotrust website.. then got an error stating it was 1024 bit CSR and should create a 2048 bit csr..!!

Can a 2048bit csr only be done from the Exchange Management Shell..?

Thanks again

Mat
 

Accepted Solution

by:matedwards
matedwards earned 0 total points
ID: 39241818
I think I have found a solution..

Certificate Authorities (like Geotrust) will only accept 2048bit csr

In Exchange Management Shell type (all on one line):

Get-ExchangeCertificate -Thumbprint 'xxxxxxxxxxxxxxxx' | New-ExchangeCertificate -GenerateRequest -KeySize 2048 -PrivateKeyExportable $true


* where xxxxxxxxxxx is the thumbprint of your existing certificate. This can easily be found by right clicking the certificate in Exchange Management Console selecting Open and then the details tab.
* the -KeySize 2048 switch ensures the 2048 bit csr even if your existing key is 1024bit.
* it also stopped the Base64 encoding problem encountered when using the GUI.
0
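
The renewal request from the accepted solution, captured to a file and checked before it is pasted into the CA's form, as an added example that is not part of the original thread. The thumbprint and output path are placeholders, and the use of `certutil -dump` to decode the request is an addition here, not something the posters ran.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
# Placeholder values (assumptions, not taken from the thread):
$Thumbprint = '<THUMBPRINT-OF-EXISTING-CERTIFICATE>'
$CsrPath    = 'C:\your_CSR_name.csr'

# Show the certificate being renewed: its names, the services bound to it and
# its expiry. Generating a request only creates a pending request; the existing
# certificate keeps serving until a new one is imported and services are assigned.
Get-ExchangeCertificate -Thumbprint $Thumbprint |
    Format-List Subject, CertificateDomains, Services, NotAfter

# Build the renewal request from the existing certificate, forcing a 2048-bit key,
# and capture the output in $Data instead of copying it from the console window.
$Data = Get-ExchangeCertificate -Thumbprint $Thumbprint |
    New-ExchangeCertificate -GenerateRequest -KeySize 2048 -PrivateKeyExportable $true

# The CA form expects text with BEGIN/END lines. Stop if that is not what came back.
if ("$Data" -notmatch '-----BEGIN (NEW )?CERTIFICATE REQUEST-----') {
    throw 'Request does not contain the BEGIN/END CERTIFICATE REQUEST lines; do not submit it.'
}

# Write plain ASCII so the file opens as readable text in any editor.
Set-Content -Path $CsrPath -Value $Data -Encoding Ascii

# Decode the saved request locally and confirm the key size before submitting.
$Dump = certutil -dump $CsrPath
$Dump | Select-String 'Public Key Length'
if (-not ($Dump | Select-String 'Public Key Length: 2048 bits')) {
    Write-Warning 'Request does not report a 2048-bit public key; the CA is likely to reject it.'
}

# -PrivateKeyExportable $true allows the key pair to be exported later (for example
# to a .pfx for another server); treat any such export as sensitive key material.
```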
 
LVL 10

Expert Comment

by:Senthil Kumar
ID: 39243637
I think I have already mentioned this in my post

"From the Exchange Management Shell command line, type the following:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$true"
 

Author Comment

by:matedwards
ID: 39243699
Thanks Kumar.. but that is to create a new certificate.. I needed to renew an existing certificate...
 
LVL 25

Expert Comment

by:-MAS
ID: 39250844
As guided by Kumar you can create a new CSR, renew/reissue certificate, import certificate and assign services to the new certificate.
Please check these as well
1
2
 

Author Closing Comment

by:matedwards
ID: 39360126
To renew the certificate I had to generate the .csr from the EM command line.. as the EMC generated it in Base64. This I then submitted to the Certificate Authority. I then used the EMC GUI to import the new certificate and assign the services.