Create a digital certificate request
Applies to: Exchange Server 2013
In Exchange Server 2013, you can manage certificates using the EAC or the Shell. The EAC includes a new certificate management user interface. Through this new UI, you can create a new certificate, edit an existing certificate, or remove a certificate.
What do you need to know before you begin?
Estimated time to complete: 10 minutes plus time for the certification authority response.
You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Client Access server security" entry in the Clients and mobile devices permissions topic.
For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.
What do you want to do?
Use the EAC to create a new certificate request
In the EAC, navigate to Servers > Certificates.
In the Select server list, select the server for which you want to create a certificate, and then click Add.
In the New Exchange certificate wizard, choose either Create a request for a certificate from a certification authority or Create a self-signed certificate, and then select Next.
Enter a friendly name for the certificate and select Next.
If you didn’t choose a self-signed certificate and you want a wildcard certificate, select the box marked Request a wildcard certificate, enter the root domain, for example *.contoso.com, and then select Next. If you chose a self-signed certificate, skip this step.
Select the servers that you want to apply this certificate to and select Next.
Specify the domains you want to be included in your certificate and then select Next.
Verify that the included domains are correct. If you chose a self-signed certificate, select Finish. Otherwise select Next.
Enter your organization name, department name, city or locality, state or province, and country or region, and then select Next.
Enter a location to save the certificate request and select Finish.
If you didn’t select a self-signed certificate, you’ll need to send the certificate request file to the certification authority for processing.
Use the Shell to create a new certificate request
Run the following commands.
$reqfile = New-ExchangeCertificate -GenerateRequest -SubjectName "C=US,o=Contoso,cn=contosotocert" -DomainName "contoso.com" -PrivateKeyExportable $true
$reqfile | out-file c:\certreq.txt
How do you know this worked?
If you created a self-signed certificate, the newly created certificate will appear in the certificate management UI. If you created a certificate request from a certification authority, the certificate request file will be in the location you specified. Send this file to the certification authority.
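For a request created with the Shell commands above, the following added example (not part of the original topic) checks the request file and the matching pending request before the file is sent to the certification authority. It assumes the path c:\certreq.txt and the domain contoso.com from those commands, that it is run in the Exchange Management Shell on the same server, and that the built-in Windows certutil tool is available.

```powershell
# Added example: sanity-check the request created by the Shell commands above.
$path           = 'C:\certreq.txt'   # file written by Out-File above
$expectedDomain = 'contoso.com'      # value passed to -DomainName above

if (-not (Test-Path -LiteralPath $path)) {
    throw "Request file not found: $path"
}

# A Base64 PKCS #10 request is wrapped in BEGIN/END header and footer lines.
$text = (Get-Content -LiteralPath $path) -join "`n"
if ($text -notmatch 'BEGIN NEW CERTIFICATE REQUEST' -or
    $text -notmatch 'END NEW CERTIFICATE REQUEST') {
    throw "$path does not look like a Base64-encoded certificate request."
}

# Decode the request so the subject, subject alternative names and key
# length can be reviewed before anything is submitted to the CA.
certutil -dump $path
if ($LASTEXITCODE -ne 0) {
    Write-Warning "certutil could not parse $path; inspect the file manually."
}

# The private key never leaves the server: it is held as a pending request
# until the CA's response is imported. Find the entry for the expected domain.
$pending = Get-ExchangeCertificate | Where-Object {
    $_.Status -eq 'PendingRequest' -and
    (($_.CertificateDomains | ForEach-Object { "$_" }) -contains $expectedDomain)
}

if (-not $pending) {
    throw "No pending certificate request found for $expectedDomain."
}

# -PrivateKeyExportable $true was used above, so the key can later be exported
# together with the certificate. Confirm that this is what was intended.
$pending | Format-List Thumbprint, Subject, CertificateDomains, Status, PrivateKeyExportable
```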