Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-03-19

This topic explains how to use the Exchange Management Shell to generate a request for a new Secure Sockets Layer (SSL) certificate. By default, Microsoft Exchange Server 2007 is installed with a self-signed SSL certificate. Not all Exchange client applications can operate by using this self-signed certificate. This topic explains how to generate a request for a new trusted third-party SSL certificate. For more information about the types of SSL certificates and how to choose one for your organization, see Understanding SSL for Client Access Servers.

Before You Begin

To perform the following procedure, the account you use must be delegated the Exchange View-Only Administrators role and membership in the local Administrators group.

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.


To use the Exchange Management Shell to request an SSL certificate

  • Run the following command:

    Copy Code
    New-ExchangeCertificate -generaterequest -subjectname "dc=com,dc=contoso,o=Contoso Corporation," -domainname CAS01,,, -PrivateKeyExportable $true -path c:\certrequest.txt

    After you have generated the certificate request, you can submit that request to a certification authority.

    If you have to export a copy of the requested certificate to import it to a client computer or another server computer, you must use the -privatekeyexportable:$true parameter when you create the request.

For more information about syntax and parameters, see New-ExchangeCertificate.

For More Information

For more information about how to submit your request to a certification authority, see How to Obtain a Server Certificate from a Certification Authority.