SSL Certificates Help

Exchange Server 2013: Generate CSRs (Certificate Signing Requests)

Before you can request a certificate through our online application, you need to use the Exchange Admin Center to generate a Certificate Signing Request (CSR) for your website.

If you need to secure more than one domain name, we recommend that you use a Multiple Domain Unified Communications Certificate (UCC) with your Microsoft® Exchange Server. For more information, see What is a Multiple Domain (UCC) SSL certificate?

To Generate a Certificate Signing Request - Exchange Server 2013

  1. Log in to the Exchange Admin Center.
  2. From the left menu, select Servers, and then click Certificates.
  3. Click + to start the Exchange Certificate wizard.
  4. Select Create a request for a certificate from a certification authority, and then click Next.
  5. Enter a friendly name to identify this certificate, and then click Next.
  6. If your CSR is for a wildcard certificate, select Request a wildcard certificate, enter the root domain name, and then click Next. Otherwise, click Next without selecting or entering anything.
  7. For Store certificate request on this server, click Browse, select a server to store the pending certificate request, click OK, and then click Next.
  8. Select an Access type (such as Outlook Web App or OWA), click Edit (pencil icon), enter the domain name that clients will use to connect to it, and then click OK. If necessary, repeat the process to secure additional services, and then click Next.

    Note: To select services, you must know exactly how your server is configured. If you want multiple services to use the same domain name (for example, if OWA, OAB, and EWS all use mail.exchange2013.com), you only have to enter the domain name for one of the services. Click Delete (trash icon) to remove any domain names that the SSL certificate doesn’t cover.

  9. Select and/or add the domain names (also know as Subject Alternative Names or SANs) that you will use to reference or connect to your Exchange server, and then click Next.
  10. Add your organization’s information, and then click Next:
    • Organization name — Enter the full legal name of your company or organization.
    • Department name — Enter the organization within the company (such as IT Department) responsible for the certificate.
    • Country/Region name — Select the country where the organization is legally registered.
    • City/Locality — Enter the full name of the city where your organization is registered.
    • State/Province — Enter the full name of the state or province where your organization is registered. If you do not have a state or province, enter your city information.
  11. Enter a valid path (such as \\myserver\admin\csr.req) to save your CSR on your computer, and then Finish. Your pending certificate request displays in the Exchange Admin Center.

What's Next?

Now that you’ve generated the CSR, you must enter it in your account with us to request the SSL certificate. Then, complete the process by downloading and installing the certificate.

  1. Locate, copy, and paste the CSR into our online application to request the SSL certificate.

    Note: To get a copy, right-click the .req file, select Open With, and then select a text editor like Notepad.

    Paste all of the text, including ----BEGIN NEW CERTIFICATE REQUEST---- and ----END CERTIFICATE REQUEST----, in our online application.

  2. Once we approve your application, download the primary and intermediate certificate.
  3. Install the certificate by completing the pending request, importing the certificate file, and selecting the services to which the certificate applies.

Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.