How to create a certificate request for an Exchange 2007 UCC
This will be of some use to those of you thinking of moving to Exchange 2007 in the near future and allowing external access to Outlook Web Access and other features.
Because Exchange 2007 relies of a different certificate type, the Unified Communications Certificate, which has 'alternative' credentials i.e. the certificate contains multiple host names.
As you will have to order your certificate online you will first need to generate the certificate request, and Microsoft wanting to make things easy insist that you have to use the Exchange Management Shell to generate it. You should use the following command (ensuring you are logged on as an Exchange administrator):
This should generate the text you need to paste into the online order form.
New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=servername, CN=exchange.yourdomain.ac.uk" -Path c:\certreq.req
The forms should also ask you for the alternative names you will need. These should reflect the server name, domain name, external FQDN name and the new 'autodiscover' url as shown below:
webalias.yourdomain.ac.uk (in case you use a reverse proxy or different external name for your server)
These reflect the services and roles both internal and external that Exchange 2007 uses SSL for.
I just thought you should be aware of all of this before you begin to migrate.