
Description
This script helps to create certificate requests (CSR) based on hostnames used for internal and external URLs of Exchange Server virtual directories.
The script queries Exchange Server 2013+ virtual directory hostnames to create a certificate request.
The request is created using an inf file template. You can prepare multiple template files to choose from. Template files are supposed to be stored in the same folder as the PowerShell script.
The resulting inf file is used to create the certificate request in the same directory as the PowerShell script. The script queries for the certificate's common name (CN).
If created, the certificate request is stored in the same directory as the PowerShell script. The content of the certificate request file is the CSR to be submitted to a Certificate Authority.
INF Template file
Copy the following content to a text file, name it Default-Template.inf, and save it to the same directory as the Create-CertificateRequest.ps1 file.
```ini
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=##COMMONNAME##"
Exportable = TRUE ; TRUE = Private key is exportable
KeyLength = 2048 ; Valid key sizes: 1024, 2048, 4096, 8192, 16384
KeySpec = 1 ; Key Exchange - Required for encryption
KeyUsage = 0xA0 ; Digital Signature, Key Encipherment
MachineKeySet = True
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10 ; or CMC.
HashAlgorithm = sha256
SMIME = FALSE

[Strings]
szOID_SUBJECT_ALT_NAME2 = "2.5.29.17"
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"

[Extensions]
%szOID_SUBJECT_ALT_NAME2% = "{text}##DNSSAN##"
%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"
```
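How the two placeholders in this template can be filled and checked before the file reaches certreq.exe, as an added PowerShell example that is not code from Create-CertificateRequest.ps1. The function name New-InfFromTemplate, its parameters, the example.com host names, the FQDN-only validation and the key length check are assumptions made for this example.

```powershell
# Added example; New-InfFromTemplate is a hypothetical helper, not the project's code.
function New-InfFromTemplate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $TemplatePath,
        [Parameter(Mandatory)] [string]   $CommonName,
        [Parameter(Mandatory)] [string[]] $HostName,
        [Parameter(Mandatory)] [string]   $OutputPath
    )

    # Assumption: FQDNs only. Quotes, '&', '%' or line breaks in a name
    # would change the meaning of the INF line it is pasted into.
    $fqdn = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

    # Common name first, then the remaining names, normalised and de-duplicated.
    $names = @(
        (@($CommonName) + $HostName) |
            ForEach-Object { $_.Trim().ToLowerInvariant() } |
            Select-Object -Unique
    )
    foreach ($name in $names) {
        if ($name -notmatch $fqdn) { throw "Rejected host name '$name'." }
    }

    # SAN value in the form the template's {text} prefix expects: dns=a&dns=b
    $san = ($names | ForEach-Object { "dns=$_" }) -join '&'

    $inf = Get-Content -LiteralPath $TemplatePath -Raw
    $inf = $inf.Replace('##COMMONNAME##', $names[0]).Replace('##DNSSAN##', $san)

    if ($inf -match '##[A-Z]+##') {
        throw "Unresolved placeholder $($Matches[0]) in $TemplatePath."
    }
    # The template lists 1024 as a valid size; refuse anything below 2048 here.
    if ($inf -match '(?m)^\s*KeyLength\s*=\s*(\d+)' -and [int]$Matches[1] -lt 2048) {
        throw "KeyLength $($Matches[1]) is below 2048 bits."
    }

    Set-Content -LiteralPath $OutputPath -Value $inf -Encoding Ascii
    return $san
}

# Constructed sample values. MachineKeySet = True needs an elevated prompt.
$san = New-InfFromTemplate -TemplatePath .\Default-Template.inf `
    -CommonName 'mail.example.com' `
    -HostName 'mail.example.com', 'autodiscover.example.com' `
    -OutputPath .\mail.example.com.inf
certreq.exe -new .\mail.example.com.inf .\mail.example.com.req
certutil.exe -dump .\mail.example.com.req   # confirm subject and SAN entries before submitting
```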
Examples
```powershell
# EXAMPLE 1
# Create a new certificate request inf file using dedicated organizational information.
# The common name will be determined separately.
.\Create-CertificateRequest.ps1 -ModernExchangeOnly -Country DE -State NW -City Hueckelhoven -Organisation Varuna -Department IT

# EXAMPLE 2
# Create a new certificate request for Exchange 2013+ using the common name only.
# The common name will be determined separately.
.\Create-CertificateRequest.ps1 -ModernExchangeOnly -CreateRequest
```
Version History
- 1.0, Initial community release
Links
- Download and follow at Github: https://github.com/Apoc70/Create-CertificateRequest
Follow
- Twitter @stensitzki