Exchange 2019
Exchange Server 2019 – CSR & SSL Installation Guide
This guide walks through the steps required to generate a CSR and import the issued SSL certificate in Exchange Server 2019 using the Exchange Management Shell.
Create CSR request from server:
- The Exchange Management Shell shortcut is usually added to the Start screen automatically. If it is not available by default, or if you prefer to search for it, use one of these methods:
=> Click an empty area of the Start screen and type “Exchange Management Shell.” When the shortcut appears in the search results, select it.
OR
=> Press the Windows key + Q on either the desktop or the Start screen. In the Search charm, type “Exchange Management Shell.” When the shortcut appears in the search results, click it.
When using Remote Desktop Connection, you may need the following setting so that the Search charm appears on the remote Exchange server rather than on your local computer:
=> Open Remote Desktop Connection and go to Show Options > Local Resources tab. Under “Apply Windows key combinations,” the default setting is “Only when using the full screen.” You can change it to “On the remote computer.” This adjustment ensures that the Search charm appears on the remote Exchange server, not on your local computer.
- After logging into the Exchange server and opening the Exchange Management Shell, run the following command to generate a CSR for your domains:
Set-Content -Path "C:\Certificates\your_domain_com.csr" -Value (New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "C=US, S=NY, L=City, O=OrganizationName, OU=IT, CN=www.domain.com" -DomainName mail.domain.com, autodiscover.domain.com, outlook.domain.com -PrivateKeyExportable $True)
CSR parameters to be used as:
C = Two-character country code (e.g. US, GB, AU, FR).
S = The state where your organization is located.
L = The city where your organization is located.
O = The name of your organization.
OU = The department within your organization (e.g. IT, HR, Admin, Tech).
CN = Common name of the CSR, which should be your domain name (e.g. www.domain.com). For wildcard certificates, prefix your domain with an asterisk (e.g. *.domain.com).
-DomainName = The subject alternative name (SAN) field of your certificate, which lists the additional domain names you wish to secure along with the primary CN. Use it when requesting a multi-domain SSL certificate. For a single-domain SSL certificate, the SAN field should be empty.
-PrivateKeyExportable = With $True, the private key can later be exported together with the certificate, for example to install it on another server.
- After the command above runs successfully, the CSR text file is saved at the following location: C:\Certificates\your_domain_com.csr. You can then use this CSR file to request a certificate from your order configuration portal.
Import Certificate in Server:
Once all the processes related to the SSL certificate are completed and the certificate has been issued by the Certificate Authority (CA), you can proceed with importing this certificate into your Exchange server. Please note that you may need to rename the certificate file extension to .cer before initiating the import process.
- Once you are logged in to the server and have access to the Exchange Management Shell, run the following command to import the certificate into the server:
Import-ExchangeCertificate -FileName "C:\Location\CertName.cer"
- After a successful import, the output displays the thumbprint and subject details of the certificate. You can then assign services to the certificate as follows:
Enable-ExchangeCertificate -Thumbprint "xxxxxxxxxxxxx" -Services SMTP, IIS, IMAP, POP
Certificate parameters to be used while importing it to server:
Thumbprint = Copy the thumbprint that was shown while importing the certificate.
Services = The services (e.g. SMTP, IIS, IMAP, POP) that you want to assign to this certificate.
- To verify that the certificate request completed and the certificate is installed on the Exchange server, run the following command in the Exchange Management Shell on the server where you installed the certificate, and verify that the certificate is listed:
Get-ExchangeCertificate | where {$_.Status -eq "Valid" -and $_.IsSelfSigned -eq $false} | Format-List FriendlyName,Subject,CertificateDomains,Thumbprint
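The verification step above only confirms that a valid certificate is listed. The following added PowerShell example (not part of the original guide) also checks that the certificate covers the names from the CSR, has the intended services assigned and is not close to expiry; the function names Test-NameCovered and Test-ExchangeCertDeployment, the 30-day threshold and the sample objects are assumptions made for illustration.

```powershell
# Added example. Property names follow Get-ExchangeCertificate output; treating
# Services and CertificateDomains as strings is an assumption of this sketch.
function Test-NameCovered {
    param([string]$HostName, [string[]]$CertNames)
    $h = $HostName.ToLower()
    foreach ($n in $CertNames) {
        $n = $n.ToLower()
        if ($n -eq $h) { return $true }
        # A wildcard such as *.domain.com covers exactly one leftmost label.
        if ($n.StartsWith('*.') -and $h.Contains('.') -and
            $h.Substring($h.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

function Test-ExchangeCertDeployment {
    param(
        [Parameter(Mandatory)] $Certificate,
        [Parameter(Mandatory)] [string[]] $RequiredNames,
        [string[]] $RequiredServices = @('SMTP', 'IIS', 'IMAP', 'POP'),
        [int] $MinDaysLeft = 30
    )
    $problems = @()
    if ("$($Certificate.Status)" -ne 'Valid') { $problems += "status is $($Certificate.Status)" }
    if ($Certificate.IsSelfSigned) { $problems += 'certificate is self-signed' }
    $names = @($Certificate.CertificateDomains | ForEach-Object { "$_" })
    foreach ($r in $RequiredNames) {
        if (-not (Test-NameCovered $r $names)) { $problems += "name not covered: $r" }
    }
    $assigned = "$($Certificate.Services)" -split '\s*,\s*'
    foreach ($s in $RequiredServices) {
        if ($assigned -notcontains $s) { $problems += "service not assigned: $s" }
    }
    if ($Certificate.NotAfter -lt (Get-Date).AddDays($MinDaysLeft)) {
        $problems += "expires within $MinDaysLeft days"
    }
    [pscustomobject]@{ Thumbprint = $Certificate.Thumbprint; Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample objects standing in for Get-ExchangeCertificate output.
$sample = @(
    [pscustomobject]@{ Thumbprint = 'SAMPLE-1'; Status = 'Valid'; IsSelfSigned = $false
        CertificateDomains = 'www.domain.com', 'mail.domain.com', 'autodiscover.domain.com', 'outlook.domain.com'
        Services = 'IMAP, POP, IIS, SMTP'; NotAfter = (Get-Date).AddDays(300) },
    [pscustomobject]@{ Thumbprint = 'SAMPLE-2'; Status = 'Valid'; IsSelfSigned = $false
        CertificateDomains = '*.domain.com'; Services = 'IIS'; NotAfter = (Get-Date).AddDays(10) }
)
$required = 'mail.domain.com', 'autodiscover.domain.com', 'outlook.domain.com'
$sample | ForEach-Object { Test-ExchangeCertDeployment -Certificate $_ -RequiredNames $required }
```

On the server, pipe the output of the Get-ExchangeCertificate command above into Test-ExchangeCertDeployment in place of $sample, with the host names from your own CSR in $required.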