Knowledgebase: Symantec
Certificate Signing Request (CSR) Generation Instructions - Microsoft Exchange 2010
Posted by Gareth S on 30 October 2012 07:08 AM


Watch a video demo to easily generate a Certificate Signing Request (CSR) on a Microsoft Exchange 2010 server


To generate a CSR for Microsoft Exchange 2010, use the Exchange Certificate Wizard.  Please perform the following steps:

  1. Open the Exchange Management Console by going to Start > Programs > Microsoft Exchange 2010 > Exchange Management Console.
  2. Select Manage Databases

  3. Select Server Configuration in the left menu, and then New Exchange Certificate from the actions menu on the right.
  4. When prompted for a friendly name, enter a name by which you can easily remember and identify this certificate. This name is used for identification only and does not form part of the CSR.
  5. Under Domain Scope, leave the option to Enable wild card certificate unchecked and click Next.
    Note: If you are requesting a Wildcard Certificate, select this option, click Next, and proceed to Step 8.
  6. In the Exchange Configuration menu, select the services that will be secured, and enter the URLs used to connect to those services. 
  7. Click Next.
  8. In the Certificate Domains section, Exchange 2010 will provide a list of domains to include in your certificate request.  
    Note: Symantec enrollment pages will only recognize the URL that you Set as common name.  It is recommended that you delete / remove the other URLs in this list.  You will need to manually enter these URLs as Subject Alternative Names (SANs) when enrolling for the certificate (at Step 16).
  9. Click Next.
  10. In the Organization and Location section, please provide the following information:
    • Organization: If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
    • Organizational unit: This field is the name of the department or organization unit making the request.
    • Country/region: Use the two-letter code without punctuation for country, for example: US or CA.
    • City/locality: The Locality field is the city or town name, for example: Berkeley.
    • State/province: Spell out the state completely; do not abbreviate the state or province name, for example: California.

  11. Click Next.
  12. Click Browse to save the CSR to your computer as a .req file, then click Save.
  13. Click Next > New > Finish.
  14. You will now be able to open the CSR with notepad. Copy everything from the first - of the BEGIN line right through to the last - of the END line into the online order form.
  15. Verify you CSR
  16. Proceed to Enrollment:

    How to Enroll for Certificate Using Subject Alternative Names:
    • To enroll from a Symantec Trust Center, please see the following solution SO12322
    • To enroll from a Managed PKI for SSL (MPKI) account, please see the following solution SO11051


Symantec Corporation has made efforts to ensure the accuracy and completeness of the information in this document. However, Symantec Corporation makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. Symantec Corporation assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, Symantec Corporation assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Symantec Corporation reserves the right to make changes to any information herein without further notice.

(0 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
Full Name:
Leave Your Feedback:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

© 2012 All rights reserved • Privacy PolicyTerms of Service