The following instructions will guide you through the CSR generation process on Microsoft Exchange 2016. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our Microsoft Exchange 2016 SSL Installation Instructions and disregard the steps below.
Notice: Microsoft has ended mainstream support for Exchange 2016 and older servers. Microsoft will provide extended support until October 2025 which only includes security updates. Microsoft recommends that you perform a legacy upgrade to Exchange 2019 CU14 now to continue receiving updates and improvements to your on-premise Exchange servers. (See Microsoft Exchange Server Roadmap Update for more information)
Generate CSR for Microsoft Exchange 2016
1. Generating a Certificate Signing Request on Exchange 2016 now requires command line (cmdlets) and can no longer be done through the Exchange Admin Center (EAC).
2. Open Exchange Management Shell as an administrator.
3. Create a New Certificate Request using the New-ExchangeCertificate cmdlet.
4. Use the following command to specify the subject name, domains, and other parameters:
$req = New-ExchangeCertificate -GenerateRequest -FriendlyName "Exchange2016Cert" -KeySize 2048 -SubjectName "C=US, O=YourOrganization, CN=mail.yourdomain.com" -DomainName mail.yourdomain.com, autodiscover.yourdomain.com, webmail.yourdomain.com -PrivateKeyExportable $true -RequestFile "C:\CSR\exchange2016.csr"
Make sure to edit these parameters as you need them:
- FriendlyName: a name to help you identify the request, will not be included on the certificate.
- SubjectName: includes your country (C), your organization (O), and the primary domain or "common name" (CN) for the certificate.
- DomainName: includes all domain names that should be covered by the certificate - note that you will also need to enter the additional domains separately on the online certificate enrollment form.
- RequestFile: this is the directory on your server where the certificate request file will be saved.
5. Once the CSR is created, open the text file and copy/paste the full code into the online certificate enrollment form.
After finishing the generation process for your SSL certificate, you're ready to move on to validation. Please refer to our SSL validation guides for more information on the various requirements for each type of validation level.
When you are ready to install the certificate, please check our Microsoft Exchange 2016 SSL Installation guide.