Getting a SAN certificate for Exchange 2007

Exchange 2007 uses SAN certificates, which allow you to mix several different server names in a single certificate. Generating a certificate can be a problem, as the PowerShell command needed to generate the certificate signing request can be long, and unwieldy – and it’s easy enough to make a mistake when typing in part of a long command.

The DigiCert web site makes it a lot easier to produce the CSR, with an online wizard that simplifies the process of building the PowerShell command you need. Go to, and you’ll find a simple online wizard.

You’ll need to have defined the server names in advance. Start with a common name like “”, and then the appropriate server alternate names, which can include the standard autodiscover address for Outlook Anywhere and internal network names. The number you can use will depend on the available name slots in the server certificate you intend to buy (usually sold with five or ten slots). You’ll also need to fill in details of your organisation, and the size key you want to use.

Once you’ve completed the form, click the Generate button. This will produce the command you’ll need to use to generate the certificate signing request – copy the PowerShell code into the Exchange Management Shell, and run. The CSR will be in the root of your servers C: drive (though you can change this by modifying the Path section of the command), ready to be passed on to a signing authority.

Link to a Relevant FeatureClick here to go to the main feature - Upgrading Small Business Server 2003 to Exchange 2007


Show other articles by this author

Share |
Write comment
security image
smaller | bigger
Comments (2)
paul Campbell
Posted: Apr, 17 2009

IT Manager

Ive been 25 years in It and i have to say this is the best mag ive read , i always look for info on 2003 and 2008 servers and most magazines are fullof usless articles.... NOT yours , i dont think i skipped one thsi month - OUTSTANDING - Keep up good work... I have recomended many to sign up.
Thanks again TOP MAG!!!
Posted: Aug, 20 2009

product manager

Also, be careful that one may need to most recent patches (April 2009?) to Outlook 2007 as earlier version did not traverse down the list of hostnames is the cert i.e. if outlook does not find the hostname its looking for first, it will pop up a cert error.



Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010



VisioAutoExt is a library for using Visio 2007 from C#, but even if you don’t want to write your own Visio add-ins it’s a good reference for understanding how you can automate common Visio tasks; get it at If you prefer to use VB, explains how to use OLE automation in Visio and Boxes and Arrows has an excellent guide to how to use Excel lists as the source for generating Visio diagrams at read more


Unified communications


The #1 Bestseller for Only 77p

Key resources

Login to view Key Resources