The following instructions will guide you through the CSR generation process on Microsoft Exchange 2016. To learn more about CSRs and the importance of your private key, reference our Overview of Certificate Signing Request article. If you already generated the CSR and received your trusted SSL certificate, reference our Microsoft Exchange 2016 SSL Installation Instructions and disregard the steps below.

Notice: Microsoft has ended mainstream support for Exchange 2016 and older servers. Microsoft will provide extended support until October 2025 which only includes security updates. Microsoft recommends that you perform a legacy upgrade to Exchange 2019 CU14 now to continue receiving updates and improvements to your on-premise Exchange servers. (See Microsoft Exchange Server Roadmap Update for more information)

Generate CSR for Microsoft Exchange 2016

Generating a Certificate Signing Request on Exchange 2016 now requires command line (cmdlets) and can no longer be done through the Exchange Admin Center (EAC).

1. Open Exchange Management Shell as an administrator.

2. Create a New Certificate Request using the New-ExchangeCertificate cmdlet.

3. Use the following command to specify the subject name, domains, and other parameters:

$txtrequest = New-ExchangeCertificate -GenerateRequest -SubjectName "c=US,o=Your Organization,cn=yourdomain.com" -DomainName otherdomain.com,andanotherdomain.com

[System.IO.File]::WriteAllBytes('\\FileServer01\Certs\yourdomain.req', [System.Text.Encoding]::Unicode.GetBytes($txtrequest))


Make sure to edit these parameters as you need them:

  • -SubjectName: includes your country (C), your organization (O), and the primary domain or "common name" (CN) for the certificate.
  • -DomainName: may include additional domains (SANs) if there are any - HOWEVER, including SANs here will not automatically add them to your certificate. If you have purchased a multi-domain SSL certificate, you must manually add SAN domains on the certificate enrollment form.
  • -File Output Path: specifies the location on your server where the CSR file will be saved.

4. Once the CSR is created, open the text file and copy/paste the full code into the online certificate enrollment form. 

After finishing the generation process for your SSL certificate, you're ready to move on to validation. Please refer to our SSL validation guides for more information on the various requirements for each type of validation level. 

When you are ready to install the certificate, please check our Microsoft Exchange 2016 SSL Installation guide.