Getting a SAN certificate for Exchange 2007

Exchange 2007 uses SAN certificates, which allow you to mix several different server names in a single certificate. Generating one can be a problem, as the PowerShell command needed to generate the certificate signing request (CSR) can be long and unwieldy, and it's easy to make a mistake when typing in part of a long command.

The DigiCert web site makes it a lot easier to produce the CSR, with an online wizard that simplifies the process of building the PowerShell command you need. Go to, and you’ll find a simple online wizard.

You’ll need to have defined the server names in advance. Start with a common name like “”, and then add the appropriate subject alternative names, which can include the standard autodiscover address for Outlook Anywhere and internal network names. The number you can use will depend on the available name slots in the server certificate you intend to buy (usually sold with five or ten slots). You’ll also need to fill in details of your organisation and the key size you want to use.

Once you’ve completed the form, click the Generate button. This will produce the command you’ll need to use to generate the certificate signing request. Copy the PowerShell code into the Exchange Management Shell and run it. The CSR will be in the root of your server’s C: drive (though you can change this by modifying the Path section of the command), ready to be passed on to a signing authority.
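The script below is an added example, not output from the DigiCert wizard. It checks the name list against the number of slots you are buying before it builds the request with Exchange 2007's New-ExchangeCertificate cmdlet. Every host name, the organisation details and the output path are placeholders.

```powershell
# Added example. All names and organisation details below are placeholders.
$CommonName = "mail.example.com"
$AltNames   = @("autodiscover.example.com", "exch01.example.local", "exch01")
$NameSlots  = 5                        # name slots in the certificate you intend to buy
$KeySize    = 2048
$CsrPath    = "C:\exchange-san.csr"
$Subject    = "c=GB, o=Example Ltd, cn=$CommonName"

# Put the common name first and drop duplicates (DNS names are case-insensitive).
$all   = @($CommonName) + $AltNames
$names = @()
foreach ($n in $all) {
    $n = $n.Trim().ToLower()
    if ($n -ne "" -and $names -notcontains $n) { $names += $n }
}

# Fail early if the list will not fit the certificate being purchased.
if ($names.Count -gt $NameSlots) {
    throw "Request lists $($names.Count) names but the certificate has $NameSlots slots."
}

# Catch typing mistakes (spaces, stray characters) before they reach the request.
$hostPattern = '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$'
foreach ($n in $names) {
    if ($n -notmatch $hostPattern) { throw "Not a valid host name: '$n'" }
}

# Run in the Exchange Management Shell on the Exchange 2007 server.
New-ExchangeCertificate -GenerateRequest -Path $CsrPath -KeySize $KeySize `
    -SubjectName $Subject -DomainName $names

# Review the subject and alternative names before sending the CSR for signing.
certutil -dump $CsrPath
```

The private key stays on the server that generated the request, so install the signed certificate on that same machine.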

Related feature: Upgrading Small Business Server 2003 to Exchange 2007


Comments (2)
paul Campbell
Posted: Apr, 17 2009

IT Manager

I've been 25 years in IT and I have to say this is the best mag I've read. I always look for info on 2003 and 2008 servers and most magazines are full of useless articles... NOT yours. I don't think I skipped one this month - OUTSTANDING - Keep up the good work... I have recommended many to sign up.
Thanks again TOP MAG!!!
Posted: Aug, 20 2009

product manager

Also, be careful that one may need the most recent patches (April 2009?) to Outlook 2007, as earlier versions did not traverse down the list of hostnames in the cert, i.e. if Outlook does not find the hostname it's looking for first, it will pop up a cert error.


