When generating a UCC CSR, you must provide the country, city, state, company name, and the additional domains that you want included in the resulting UC certificate. The following is an example of the command you would enter using the Exchange Manage Shell utility:
New-ExchangeCertificate -generaterequest -keysize 2048 -subjectname “c=Your Country, l=Your Locality/City, s=Your State, o=Your Corporation Name,cn=YourMainDomain.com” -domainname SubjectAlternativeName1, SubjectAltName2, SubjectAltName3, SubjectAltName4 -PrivateKeyExportable $true -path c:\certrequest.txt
Where:
c
— Two-letter country code of your organization’s country of residence
l
— Full name of your organization’s locality or city
s
— Full name of your organization’s state or province
o
— Your Organization’s legally registered name (company or person’s first and last name)
cn
— The first/main Fully Qualified Domain Name (FQDN) to be secured that will always be visible in the certificate details
-domain
— The comma-separated list of additional domains that will be included in your certificate and referred to as Subject Alternative Names (SANs).
NOTE: -domainname attribute is not required to be completed during the CSR generation process. Our SSL Management console allows you to manage the SANs without generating new CS’s each time you want to add or remove a SAN.
-PrivateKeyExportable $true
— If you have to export a copy of the requested certificate to import it to a client computer or another server computer, you must use the -privatekeyexportable $true parameter when you create the request<
-path c:\certrequest.txt
— The complete path and filename where the resulting CSR file will be placed when generated
After your SSL request is vetted and your certificate is issued, download and install all the provided files. You must install all of the files on your Microsoft® Exchange Server 2007 to complete installation. For more information see Downloading an SSL Certificate.
Before you begin, make sure you are logged in to your server as Administrator.
To run multiple services securely, such as SMTP, POP, IMAP, UM, and IIS, you must use a Multiple Domain (UCC) Certificate.
NOTE: Replace CertificateFile.crt with the complete path and file name of your certificate.
NOTE: Paste the thumbprint in place of paste_thumbprint_here. Specify the services this certificate covers, using quotes. Valid service identifiers are SMTP, POP, IMAP, UM, and IIS. Do not enable services that are not in use.
Long Island Office:
10 Lucon Drive Deer Park, New York 11729
Westchester Office:
630 Saw Mill River Rd, Ardsley, NY 10502