May 2023

How to Generate a CSR for Nginx (OpenSSL) The following instructions will guide you through the CSR generation process on Nginx (OpenSSL). To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log in to your server’s terminal. You will want to log in via Secure Shell (SSH). Enter CSR and Private Key command Generate a private key and CSR by running the following command: Here is the plain text version to copy and paste into your terminal: openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr Note: Replace “server ” with the domain name you intend to secure. Enter your CSR details Enter the following CSR details when prompted: Common Name:The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization:The full legal name of your organization including the corporate identifier. Organization Unit (OU): Your department such as ‘Information Technology’ or ‘Website Security.’ City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province: The state or province where your organization is legally incorporated. Do not abbreviate. Country:The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Note: You are not required to enter a password or passphrase. This optional field is for applying additional security to your key pair. Generate the order Locate and open the newly created CSR in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Note 1: Your CSR should be saved in the same user directory that you SSH into unless otherwise specified by you. Note 2: We recommend saving or backing up your newly generate “.key ” file as this will be required later during the installation process. Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Nginx using OpenSSL.

How to Generate a CSR for Microsoft Office Communications 2007 The following instructions will guide you through the CSR generation process on Microsoft Office Communications 2007 Server. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open Office Communications Server 2007 Click Start, then select Programs, then Administrative Tools, and finally Office Communications Server 2007. Navigate to “Certificates” to start the Wizard Expand the Enterprise Edition Server snap-in. Right-click the correct Server and select Certificates. Select “Create new Certificate” Select Next on the Certificate Wizard, then select Create a New Certificate, then click next again.   Select the Prepare the request now, but send it later option Then click Next.   Specify name and bit length Enter a friendly name for your Certificate, something you will be able to reference easily later. And select 2048 as your Bit Length.   Note: If you want the certificate to be exportable, make sure to select that option on this screen. Enter your CSR details Over the next few screens of the wizard, enter the following information to complete the CSR: Organization Name (ON):The full legal name of your organization including the corporate identifier. Organizational Unit (OU): Your department such as ‘Information Technology’ or “Website Security.” Subject Name (SN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Note: If you are dealing with a multi-domain certificate, enter your SANs on this screen as well. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. Save the CSR Select a file name and a location to save your CSR. Review your selections and close the Wizard.   Generate the order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Office Communications 2007.

How to Generate a CSR for Microsoft IIS 10 The following instructions will guide you through the CSR generation process on Microsoft IIS 10. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our IIS 10 SSL Installation Instructions and disregard the steps below. Access Server in IIS Launch IIS Manager and click the server name in the Connections menu on the left. Access Server Certificates Manager On the Home page for the server, locate the IIS section in the center window and double-click Server Certificates. The Server Certificates control panel will open in the center window. Create Certificate Request In the right-side Actionsmenu, click Create Certificate Request… The Request Certificate wizard will open in a new window. Fill out the Distinguished Name Properties: Common name: Must be a fully-qualified domain name (FQDN) like “domain.com”. Organization: Your organization’s legal name. If you do not have a company or organization, you can put another name or N/A here. Organizational unit: Your department within your organization. If you do not have an organization, put N/A. City/locality: Your city. State/province: Your state or region. This information must not be abbreviated, for example you must use “Florida” instead of “FL”. Country: Your country (select from drop-down list). Click Next when you are ready to proceed. Cryptographic Service Provider Properties On the Cryptographic Service Provider Properties page, select the following options from the drop-down menus: Cryptographic service provider: Microsoft RSA SChannel Cryptographic Provider Bit length: 2048 These are the standard options, but you may be able to select different options if needed. File Name On the File Name page, click the … box to specify a name and location to save your CSR file. The default directory is C:\Windows\System32. Click Finish when you are ready. Locate CSR on your system Navigate to the directory where you saved your CSR file and open the CSR in Notepad or your preferred text editor. Generate your SSL Certificate Return to the Generation Form on our website and paste the entire CSR into the blank text box. Then, proceed with the remainder of the order form and submit when you are ready. You should receive a vendor order ID number, and your certificate will enter the Validation process. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 10.

How to Generate a CSR for Microsoft IIS 8 The following instructions will guide you through the CSR generation process on Microsoft IIS 8. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open Internet Information Services (IIS) Manager Click Start, Control Panel, System and Security, Administrative Tools, and then select Internet Information Services (IIS) Manager. Select the server where you want to generate the certificate In the left Connections menu, select the server name (host) where you want to generate the request. Navigate to Server Certificates In the center menu, click the Server Certificates icon under the Security section near the bottom. Select Create a New Certificate In the right Actions menu, click Create Certificate Request. Enter your CSR details In the Distinguished Name Properties window, enter in the required CSR details and then click Next. Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Select a cryptographic service provider and bit length In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next. Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility. Save the CSR Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 8.

How to Generate a CSR for Microsoft IIS 7 The following instructions will guide you through the CSR generation process on Microsoft IIS 7. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open Internet Information Services (IIS) Manager Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager. Select the server where you want to generate the certificate In the left Connections menu, select the server name (host) where you want to generate the request. Navigate to Server Certificates In the center menu, click the Server Certificates icon under the Security section near the bottom. Select Create a New Certificate In the right Actions menu, click Create Certificate Request. Enter your CSR details In the Distinguished Name Properties window, enter in the required CSR details and then click Next. Note: To avoid common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Select a cryptographic service provider and bit length In the Cryptographic Service Provider Properties window, select Microsoft RSA SChannel Cryptographic Provider and Bit Length of 2048, then click Next. Note: Bit Length: 2048 is the current industry standard. You may choose a larger key size, but only if you have a requirement to do so, as longer key lengths increase latency and may reduce compatibility. Save the CSR Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Finish. Generate the order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 7.

How to Generate a CSR for Microsoft IIS 5 & 6 The following instructions will guide you through the CSR generation process on Microsoft IIS 5 & 6. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Open Internet Information Services (IIS) Manager Click Start, Control Panel, Administrative Tools, and then select Internet Information Services (IIS) Manager. Navigate to Website Properties In the left menu, click + next to your local computer and then Web Sites. Right-click the website (i.e. Default Web Site) that you want to protect and click Properties. In Directory Security, select Server Certificates In the Default Web Site Properties window, select the Directory Security tab, click Server Certificate…, and then Next. Select Create a New Certificate Then click Next. Note: For renewing an existing SSL Certificate, select “Renew, Remove, or Replace your certificate” and skip to Step 7. Select Prepare request now, but send it later Then click Next. Enter a Friendly Name Enter a friendly name for your certificate, select a Bit Length of 2048, and click Next, without checking the boxes. Note: Please name the certificate something you can easily recognize in the future. This will only be an internal reference name and will not be part of your SSL certificate. Follow the wizard to enter in your organization and website information Enter your legally incorporated Organization Name and Organizational Unit such as “IT Security” and click Next. Enter your Common Name which will be the FQDN (fully qualified domain name) on your SSL certificate. Note: For Wildcard Certificates, you must add the asterisk symbol in the left furthest sub-domain (i.e. *.domainname.com) which is what enables an unlimited number of coverage at that specific level. Select the Geographic Location for your company and click Next. Save the CSR Click Browse to specify the location where you want to save the CSR as a “.txt” file and click Next. Finish Review the Request File Summary and if changes are required, click Finish. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you com.plete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft IIS 5 & 6.

How to Generate a CSR for Microsoft Exchange 2016 The following instructions will guide you through the CSR generation process on Microsoft Exchange 2016. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our Exchange 2016 SSL Installation Instructions and disregard the steps below. Login to Exchange Admin Center (EAC) Use a web browser to navigate to the URL of your server, i.e. https://localhost/ecp On the EAC login page, enter your domain or username and password and sign in. Navigate to “Certificates” In EAC, on the left-hand sidebar menu, click Servers, then on the menu on top of the page, click Certificates. On Certificates page, use the Select server menu to pick your Exchange 2016 server, then click the + symbol. Create New Request In  the new Exchange certificate wizard, select Create a request for a certificate from a certification authority, then click Next. Enter Friendly Name Type a Friendly name for this certificate. The friendly name is used to distinguish the certificate from other certificates with the same domain name and is not included in the certificate file. It’s recommended to include the date and certificate issuer in the friendly name so it can be easily identified. Indicate if certificate is Wildcard If you are not creating a CSR for a Wildcard SSL certificate, click next. If you are creating a Wildcard SSL CSR, check Request a wildcard certificate. The Root domain should then follow the wildcard format, e.g. *.domain.com Select which server to save request onto Store the certificate request on this server: click Browse and select the server where the certificate request should be stored. Click next. Specify Domains Select domains to include on the SSL certificate: If you are creating a wildcard SSL CSR, skip this step and click Next. Select the domains you want included on your SSL certificate. IMPORTANT: Adding additional domains on your CSR will not automatically include them on the certificate! You must list the domains on your SSL order form during the online generation step as well. Click next and the wizard will populate a list with suggested domains. You do not need to edit the list of domains on this page, it can be edited on the next page. On the next page, you may add, edit, remove, or select the domains to be included on the SSL certificate. Then click Next. Enter the CSR details Specify information about your organization: Organization name: Type your company’s registered name. If there is no associated company, type your domain, or type None. Department name: Type your department, if applicable. City/locality: Type the city/locality where you are located. State/province: Type the state, province, or region where you are located. Do not use abbreviations. Country: Select your country from the drop-down menu. Save the CSR Save the certificate request to the following file: enter a UNC path to save your CSR. You must be able to access this location to retrieve your CSR. Click Finish to save the CSR to the specified UNC path. Generate the Order Open the CSR file in a text editor (Notepad). Copy the full text block, including —–BEGIN NEW CERTIFICATE REQUEST—– header and —–END NEW CERTIFICATE REQUEST—– footer. Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our SSL validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Exchange 2016.

How to Generate a CSR for Microsoft Exchange 2013 The following instructions will guide you through the CSR generation process on Microsoft Exchange 2013. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Log in to Exchange Admin Center This can typically be accessed by going to https://localhost/ecp. Enter your Domain/Username and Password and click Sign in. Navigate to “Certificates” Click on Servers in the left menu, then select Certificates at the top right, then the + icon. Create new Request In the New Exchange Certificate wizard, select Create a request for a certificate from a Certificate Authority and then click Next. Enter a Friendly Name Enter a Friendly Name that will help you distinguish the request in the future and click Next. Note: This is only for your internal reference and not a part of the actual SSL Certificate. Indicate if certificate is Wildcard Select the check box ONLY if you are using a Wildcard Certificate (*.yourdomain.com) and if so, just enter the root domain of your certificate such as “yourdomain.com”. If not, proceed accordingly to the next screen/step. Select which server to save request onto Click Browse to select which server you want to save the request on and click Next. Specify Domains Select the Services or domains you want to include in your certificate and click Next. You can highlight the list of services or additional domains by using Ctrl+Click. Note: You can skip this step if you are using a Wildcard Certificate. Review the list of names that Exchange 2013 recommends using in your CSR and click Next. You can add, edit, or delete the names by using the +, – features provided. Enter the CSR details Then click Next. Note: To avoid the common mistakes when filling out your CSR details, reference our Overview of Certificate Signing Request article. Save the CSR Enter the directory or path where you want to save the CSR as a “.req” file and click Finish. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Exchange 2013.

How to Generate a CSR for Microsoft Exchange 2010 The following instructions will guide you through the CSR generation process on Microsoft Exchange 2010. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Launch Exchange Launch Microsoft Exchange 2010 from your programs and select Exchange Management Console. Navigate to “New Exchange Certificate” Select Manage Databases on the right hand side. Select Server Configurations in the left side menu. Select New Exchange Certificate in the right side menu. Enter a Friendly Name Enter a Friendly Name when prompted in the opened window. Note: Please name the file something you can easily recognize in the future. This will only be an internal reference name and will not be part of your SSL certificate. Indicate if certificate is Wildcard In the Domain Scope menu, select the check box ONLY if you are using a Wildcard Certificate (*.yourdomain.com) and if so, skip to Step 6. If not, proceed accordingly to the next screen/step. Specify Domain Names In the Exchange Configuration menu, click the Service Options that you plan on securing and specify the Domain Name for each service. Note: The next screen will suggest names for you. You can remove them if you like by right clicking on them. Enter in the CSR Details Common Name (CN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Organization Name (ON):The full legal name of your organization including the corporate identifier. Organizational Unit (OU): Your department such as ‘Information Technology’ or “Website Security.” Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Save the CSR Click Browse to specify the location where you want to save the CSR as a “.reg” file and click Save. Enter a friendly name to distinguish the request in the future. Click Next, New, and then Finish. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Exchange 2010.

How to Generate a CSR for Microsoft Exchange 2007 The following instructions will guide you through the CSR generation process on Microsoft Exchange 2007. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our SSL Installation Instructions and disregard the steps below. Launch Exchange Launch Microsoft Exchange 2007 from your programs and select Exchange Management Shell. Enter CSR command Copy and paste the below command in a text editor such as Notepad. New-ExchangeCertificate -GenerateRequest -KeySize 2048 -Path c:\YourCSRName.txt -SubjectName “c=US, l=YourLocalityOrCity, s=YourStateOrProvince, o=YourCompanyInc, cn=YourFirstDomain.com” -DomainName SubjectAlternativeName1.com, SubjectAlternativeName2.com -PrivateKeyExportable:$true Edit your CSR details in Notepad -Path c:\YourCSRFileName.txt: The file path where you want to save the CSR as a “.txt” file. Country Name (C):The official two-letter country code (i.e. US, CH) where your organization is legally incorporated. Locality or City (L): The locality or city where your organization is legally incorporated. Do not abbreviate. State or Province (S): The state or province where your organization is legally incorporated. Do not abbreviate. Organization Name (O):The full legal name of your organization including the corporate identifier. Common Name (CN):The FQDN (fully-qualified domain name) you want to secure with the certificate such as www.google.com, secure.website.org, *.domain.net, etc. Domain Name (DN):Use a comma(s) to separate any additional domains (Subject Alternative Name) from your primary domain name (Common Name) that you wish to secure under the same SSL certificate; if necessary. PrivateKeyExportable:$true: Leave this command marked as “$true” if you want to export the key pair and move the SSL certificate to another computer or device. Enter CSR into Exchange Management Shell Copy and paste the edited CSR details into the Exchange Management Shell utility, and press Enter. A Thumbprint should appear if the CSR was successfully created. Generate the Order Locate and open the newly created CSR from the specified location you choose in a text editor such as Notepad and copy all the text including: —–BEGIN CERTIFICATE REQUEST—– And —–END CERTIFICATE REQUEST—– Return to the Generation Form on our website and paste the entire CSR into the blank text box and continue with completing the generation process. Upon generating your CSR, your order will enter the validation process with the issuing Certificate Authority (CA) and require the certificate requester to complete some form of validation depending on the certificate purchased. For information regarding the different levels of the validation process and how to satisfy the industry requirements, reference our validation articles. After you complete the validation process and receive the trusted SSL Certificate from the issuing Certificate Authority (CA), proceed with the next step using our SSL Installation Instructions for Microsoft Exchange 2007.