Exchange 2019 - Create a CSR with PowerShell and Import Certificate
In Exchange 2019, you can generate a new CSR and then import the signed certificate from your registrar like Digicert or RapidSSL or Godaddy etc.
To generate a CSR in Exchange 2019, you can run the following command from the Exchange Management Shell (EMS):
- $cert = New-ExchangeCertificate -GenerateRequest -SubjectName "C=ZA,o=thexchangelab,cn=thexchangelabcert" -DomainName "thexchangelab.com" -PrivateKeyExportable $true
http://everything-powershell.com/wp-content/uploads/2019/01/cert1.png
Once the command has run, you can now run the following command to export the information to a text file:
- $cert | out-file c:\Installs\certreq.txt
http://everything-powershell.com/wp-content/uploads/2019/01/cert2.png
Now if we head over to the location that we specified in the second command we will see the generated CSR:
https://i2.wp.com/everything-powershell.com/wp-content/uploads/2019/01/cert3.png?fit=1024%2C577
Once we have received our new file from our provider, we can complete the request by running the following command:
- Import-ExchangeCertificate -FileName "C:\Location\CertName.cer"
http://everything-powershell.com/wp-content/uploads/2019/01/cert4.png
As you can see, it is now imported, the last step is to assign services to the certificate which you can achieve by running this command:
- Enable-ExchangeCertificate -Thumbprint "xxxx" -Services SMTP,IIS
http://everything-powershell.com/wp-content/uploads/2019/01/cert5.png
You will be prompted if you want to overwrite the default certificate, you can choose yes and all will be completed.