SSL – Proper syntax for generating an SSL certificate CSR to protect an Exchange 2007 server

certificate, csr, exchange-2007, outlook-anywhere, ssl

I need help generating a CSR for a Subject Alternative Name (SAN) SSL certificate to protect a new Exchange 2007 server. My main requirements are that Outlook Anywhere and OWA must work without any errors or warnings. It would be nice if the Outlook Anywhere Autodiscover service worked for Outlook 2007 clients as well.

I know there are many examples of the proper syntax for generating the CSR, but most examples assume that your Windows domain is named the same as your web domain. Here is what I think are the relevant pieces of information:

  • Internal Windows domain name: internalDomain.local
  • External web domain: externalDomain.com
  • Exchange Server computer name: Ex2k7
  • I would like to use 2048-bit SSL, unless there is a reason to use 1024
  • Exchange 2007 is running on a Server 2008 box

My remote clients will connect to my new Exchange server at mail.externalDomain.com.

My certificate was purchased from GoDaddy, and it works for OWA, but Outlook Anywhere is broken. If somebody could help me with the correct syntax for generating a CSR for my situation, I would like to rekey my certificate.

Best Answer

This is the correct syntax to use in the Exchange Management Shell for Exchange 2007 running on Server 2008. This command assumes that your Windows domain and web domain are not the same. If they are the same, you don't need to list as many Subject Alternative Names.

New-ExchangeCertificate -GenerateRequest -Path c:\cert.csr -KeySize 2048 -SubjectName "c=Whois Country, s=Whois State, l=Whois City, o=Whois Organization Name, cn=mail.externaldomain.com" -DomainName exchangeServerName, exchangeServerName.internalDomain.local, autodiscover.externalDomain.com, autodiscover.internalDomain.local -PrivateKeyExportable $True
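
A pre-submission check for the request file written by the command above, as an added example that is not part of the original answer: it reads `certutil -dump` output and confirms the key length and that every host name clients will connect to appears as a DNS entry in the Subject Alternative Name extension (clients that honour SAN match against those entries rather than the subject CN). The function name `Test-CsrDump` and the sample dump are constructed for illustration, the required names are taken from the question, and English-language certutil output is assumed.

```powershell
# Added example (not from the original answer). Assumes English-language certutil output.
param([string]$CsrPath = 'c:\cert.csr')   # path used in the answer's command

# Host names clients will actually connect to, taken from the question.
$required = 'mail.externalDomain.com', 'autodiscover.externalDomain.com',
            'Ex2k7', 'Ex2k7.internalDomain.local'

# Constructed, abbreviated excerpt in the shape of "certutil -dump" output. It is used
# only when $CsrPath does not exist, so the check can be tried without a real request.
# It deliberately shows both failure modes: a 1024-bit key and a name missing from SAN.
$sampleDump = @'
Public Key Length: 1024 bits
    Subject Alternative Name
        DNS Name=Ex2k7
        DNS Name=Ex2k7.internalDomain.local
        DNS Name=autodiscover.externalDomain.com
'@ -split "`r?`n"

function Test-CsrDump([string[]]$Dump, [string[]]$RequiredNames, [int]$MinBits = 2048) {
    $san = @(); $bits = 0
    foreach ($line in $Dump) {
        # SAN entries are printed one per line as "DNS Name=<host>".
        if ($line -match '^\s*DNS Name=(\S+)') { $san += $Matches[1].ToLower() }
        elseif ($line -match 'Public Key Length:\s*(\d+) bits') { $bits = [int]$Matches[1] }
    }
    # A name that appears only in the subject CN still counts as missing here.
    $missing = @($RequiredNames | Where-Object { $san -notcontains $_.ToLower() })
    New-Object PSObject -Property @{
        KeyBits        = $bits
        KeyOk          = ($bits -ge $MinBits)
        SanNames       = $san
        MissingFromSan = $missing
        Ok             = (($bits -ge $MinBits) -and ($missing.Count -eq 0))
    }
}

if (Test-Path $CsrPath) {
    $dump = & certutil.exe -dump $CsrPath
} else {
    Write-Warning "$CsrPath not found; using the constructed sample dump"
    $dump = $sampleDump
}

$result = Test-CsrDump $dump $required
$result | Format-List KeyBits, KeyOk, SanNames, MissingFromSan, Ok
if (-not $result.Ok) {
    Write-Warning 'Do not submit this request: adjust -KeySize / -DomainName and regenerate.'
}
```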
