Solved

Renew Exchange 2010 certificate with Geotrust

Posted on 2013-06-12
Last Modified: 2013-07-27
I have used the Renew Certificate wizard in Exchange 2010 Management console to create a .req file. Geotrust requests I cut & paste the contents of a CSR into their browser window. The .req file generated by Exchange is binary..???

How do I generate a csr file in Exchange 2010 not a .req file..?

Many thanks in advance..

Mat
Question by:matedwards
11 Comments
 
LVL 10

Assisted Solution

by:Senthil Kumar
Senthil Kumar earned 350 total points
ID: 39240596
You can open the .req file in notepad and copy the contents.

Steps are mentioned in their own site itself

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO14716&actp=search&viewlocale=en_US&searchid=1371033612198

You can also generate the CSR through a PowerShell command

Start the Management Shell by going to Start > Programs > Microsoft Exchange 2010 > Exchange Management Shell

From the Exchange Management Shell command line, type the following:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$true
This command should be entered into the management shell as one line. Make sure to replace the details listed in this sample command with the details of your own organization as explained above.

Notice that the first domain name is listed inside the "-SubjectName" after "cn=" and additional domain names are added after the -DomainName parameter with commas between the additional domain names. You can add as many additional domain names as necessary.

Your CSR file will be printed to the management shell after running this command. To copy it from the management shell, you will need to right click and choose "mark". You can now paste the entire contents of the file, including the BEGIN and END tags to the DigiCert online order form when prompted.

If you want to create a CSR file automatically on your machine after running the CSR creation command, run the following line immediately after generating the file:
Set-Content -path "C:\your_CSR_name.csr" -Value $Data  # $Data must hold the request text, i.e. $Data = New-ExchangeCertificate -GenerateRequest ...

http://www.digicert.com/csr-creation-microsoft-exchange-2010.htm
0
 

Author Comment

by:matedwards
ID: 39240930
I can't copy & paste the binary into the Geotrust webpage.. it gives an error.

Will creating a new csr cause any problems to existing services.?

thanks again

Mat
0
 
LVL 9

Expert Comment

by:VirastaR
ID: 39240961
Hi,

Check this out!

Generate CSR Microsoft Exchange Server 2010
http://www.geocerts.com/csr/exchange_2010

Hope that helps :)
0
 

Author Comment

by:matedwards
ID: 39241040
Yep.. that is to create a new certificate.. will this impact on any existing services if it's not a renewed certificate.?

thanks

mat
0
 

Author Comment

by:matedwards
ID: 39241297
I have just increased the size of the font in Notepad to read the contents of the .req file and realised it is Mandarin or Cantonese..!! How do I change it to English..?

Notepad is working in English..

Apologies.. very confused..!!!
0
 

Author Comment

by:matedwards
ID: 39241776
There was one other experts-exchange user who had the same problem (Q_27582268).. the .req file is encoded in Base64..
I used this website to decode it (http://www.motobit.com/util/base64-decoder-encoder.asp) and then C&P it into Geotrust website.. then got an error stating it was 1024 bit CSR and should create a 2048 bit csr..!!

Can a 2048bit csr only be done from the Exchange Management Shell..?

Thanks again

Mat
0
 

Accepted Solution

by:
matedwards earned 0 total points
ID: 39241818
I think I have found a solution..

Certificate Authorities (like Geotrust) will only accept 2048bit csr

In Exchange Management Shell type (all on one line):

Get-ExchangeCertificate -Thumbprint 'xxxxxxxxxxxxxxxx' | New-ExchangeCertificate -GenerateRequest -KeySize 2048 -PrivateKeyExportable $true


* where xxxxxxxxxxx is the thumbprint of your existing certificate. This can easily be found by right clicking the certificate in Exchange Management Console, selecting Open and then the details tab.
* the -KeySize 2048 switch ensures the 2048 bit csr even if your existing key is 1024bit.
* it also stopped the Base64 encoding problem encountered when using the GUI.
0
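Added example (not part of the original thread): the renewal command from the accepted solution combined with the Set-Content step from the first answer, capturing the request in $Data so it can be saved and checked before it is submitted to the CA. The thumbprint and output path are placeholders, and the header check and certutil key-length check are additions that none of the posters ran.

```powershell
# Run in the Exchange Management Shell on the server that holds the certificate.
# Placeholders (assumptions, replace with your own values):
$Thumbprint = 'xxxxxxxxxxxxxxxx'        # thumbprint of the certificate being renewed
$CsrPath    = 'C:\your_CSR_name.csr'    # where the text CSR will be written

# Show the certificate that is about to be renewed, so the right one is picked.
$old = Get-ExchangeCertificate -Thumbprint $Thumbprint
$old | Format-List Subject, CertificateDomains, Services, NotAfter

# Generate the renewal request from the existing certificate.
# -KeySize 2048 forces a 2048-bit key even if the old key was 1024-bit.
# -PrivateKeyExportable $true allows the key pair to be exported later
# (for example to another server); anyone able to export it can copy the
# private key, so set it only when that is actually needed.
# Assigning to $Data captures the request text instead of printing it.
$Data = $old | New-ExchangeCertificate -GenerateRequest -KeySize 2048 -PrivateKeyExportable $true

# A CSR that a CA web form accepts is plain text with BEGIN/END lines.
if ($Data -notmatch '-----BEGIN .*CERTIFICATE REQUEST-----') {
    throw 'Output does not look like a text CSR; do not submit it.'
}

# Write the request as plain ASCII text so it opens and pastes cleanly.
Set-Content -Path $CsrPath -Value $Data -Encoding Ascii

# Confirm the key size locally before pasting the CSR into the CA form.
certutil -dump $CsrPath | Select-String 'Public Key Length'
```

The last line should report a public key length of 2048 bits; if it reports 1024, the CA will reject the request as described above.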
 
LVL 10

Expert Comment

by:Senthil Kumar
ID: 39243637
I think I have already mentioned this in my post

"From the Exchange Management Shell command line, type the following:

New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com" -DomainName YourSecondDomain.com, YourThirdDomain.com -PrivateKeyExportable:$true"
0
 

Author Comment

by:matedwards
ID: 39243699
Thanks Kumar.. but that is to create a new certificate.. I needed to renew an existing certificate...
0
 
LVL 24

Expert Comment

by:-MAS
ID: 39250844
As guided by Kumar you can create a new CSR, renew/reissue certificate, import certificate and assign services to the new certificate.
Please check these as well
1
2
0
 

Author Closing Comment

by:matedwards
ID: 39360126
To renew the certificate I had to generate the .csr from the EM command line.. as the EMC generated it in Base64. This I then submitted to the Certificate Authority. I then used the EMC GUI to import the new certificate and assign the services.
0
