Share via


Exchange 2019 - Create a CSR with PowerShell and Import Certificate

In Exchange 2019, you can generate a new CSR and then import the signed certificate from your registrar like Digicert or RapidSSL or Godaddy etc.

To generate a CSR in Exchange 2019, you can run the following command from the Exchange Management Shell (EMS):

  • $cert = New-ExchangeCertificate -GenerateRequest -SubjectName "C=ZA,o=thexchangelab,cn=thexchangelabcert" -DomainName "thexchangelab.com" -PrivateKeyExportable $true

http://everything-powershell.com/wp-content/uploads/2019/01/cert1.png

Once the command has run, you can now run the following command to export the information to a text file:

  • $cert | out-file c:\Installs\certreq.txt

http://everything-powershell.com/wp-content/uploads/2019/01/cert2.png

Now if we head over to the location that we specified in the second command we will see the generated CSR:

https://i2.wp.com/everything-powershell.com/wp-content/uploads/2019/01/cert3.png?fit=1024%2C577

Once we have received our new file from our provider, we can complete the request by running the following command:

  • Import-ExchangeCertificate -FileName "C:\Location\CertName.cer"

http://everything-powershell.com/wp-content/uploads/2019/01/cert4.png

As you can see, it is now imported, the last step is to assign services to the certificate which you can achieve by running this command:

  • Enable-ExchangeCertificate -Thumbprint "xxxx" -Services SMTP,IIS

http://everything-powershell.com/wp-content/uploads/2019/01/cert5.png

You will be prompted if you want to overwrite the default certificate, you can choose yes and all will be completed.