Exchange Cert Request (CSR) questions
Here are two examples of a CSR. The first from the Digicert Wizard and the second from Get-Help New-ExchangeCertificate:
New-ExchangeCertificate -GenerateRequest -Path c:\mail_mydomain_org.csr -KeySize 2048 -SubjectName "c=US, s=Washington, l=Seattle, o=Contoso, cn=mail.mydomain.org" -DomainName mail.mydomain.org, autodiscover.mydomain.org, MailServer1.mydomain.local, MailServer1 -PrivateKeyExportable $True
New-ExchangeCertificate -GenerateRequest -Path c:\certificates\request.req -SubjectName "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true
Question 1
I have also seen: -GenerateRequest:$True
Can the value be omitted because the default is "True"?
Question 2
How many different extensions are valid for the resulting file?
I have seen:
.txt
.reg
.csr
Am I correct in thinking that all 3 are valid extensions when submitting the request to a Cert Authority?
January 30th, 2011 5:21pm
On Sun, 30 Jan 2011 22:16:19 +0000, Le Pivert wrote:
>
>
>Here are two examples of a CSR. The first from the Digicert Wizard and the second from Get-Help New-ExchangeCertificate:
>
>New-ExchangeCertificate -GenerateRequest -Path c:\mail_mydomain_org.csr -KeySize 2048 -SubjectName "c=US, s=Washington, l=Seattle, o=Contoso, cn=mail.mydomain.org" -DomainName mail.mydomain.org, autodiscover.mydomain.org, MailServer1.mydomain.local, MailServer1 -PrivateKeyExportable $True
>
>New-ExchangeCertificate -GenerateRequest -Path c:\certificates\request.req -SubjectName "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true
>
>Question 1
>
>I have also seen: -GenerateRequest:$True
>
>Can the value be omitted because the default is "True"?
The default is to generate a self-signed certificate, not a
certificate request (if you omit the "-GenerateRequest"). You can omit
the "$true" because the presence of the switch "-GenerateRequest"
implies a value of "$true". However, as a disliker of default values,
I've always provided a ":$true" immediately after any switch name just
so there's no doubt in anyone's mind what the value should be.
>Question 2
>
>How many different extensions are valid for the resulting file?
Use .csr as the file extension. The file is just a text file, but the
.csr makes it clear that the content is a certificate request.
[ snip ]
>Am I correct in thinking that all 3 are valid extensions when submitting the request to a Cert Authority?
I don't think it makes a difference to the CA, but if you see a file
with a .reg extension you're not going to recognize it for what it is.
And if you try to launch the file it'll generate an error because
regedit won't recognize the contents. Just stick with .csr and be
happy. ;-)
---
Rich Matheisen
MCSE+I, Exchange MVP
January 30th, 2011 5:35pm
Hi,
For question 2, most Cert Authorities request that you upload a
CSR file in order to get
the certificate.
But you can also post the content of the CSR file (if the CA website supports it), such as:
-----BEGIN NEW CERTIFICATE Request-----
-----END NEW CERTIFICATE Request-----
Thanks
Gen Lin-MSFT
January 31st, 2011 2:03am
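The point made in the replies above, that the request is plain text whatever its extension, as an added example that is not part of the original thread: a PowerShell function that classifies content by its armor and outer DER framing rather than by file name. The function name Test-CsrContent and the sample input are assumptions made for illustration.

```powershell
# Added example (not from the thread). Test-CsrContent is a hypothetical helper.
# It decides whether text looks like a PEM-armored certificate request by
# inspecting the content, so .csr, .req and .txt files are all treated alike.
function Test-CsrContent {
    param([Parameter(Mandatory = $true)][string]$Text)

    # Accept "NEW CERTIFICATE REQUEST" (the label shown in the thread) and
    # "CERTIFICATE REQUEST"; (?i) makes the label match case-insensitive.
    $pattern = '(?is)-----BEGIN (NEW )?CERTIFICATE REQUEST-----(.+?)-----END (NEW )?CERTIFICATE REQUEST-----'
    $m = [regex]::Match($Text, $pattern)
    if (-not $m.Success) { return $false }

    # Remove line breaks from the armored body and decode base64 to DER bytes.
    $b64 = $m.Groups[2].Value -replace '\s', ''
    try { $der = [Convert]::FromBase64String($b64) } catch { return $false }

    # A PKCS #10 request is a single DER SEQUENCE: tag 0x30 followed by a
    # length that must account for exactly the remaining bytes.
    if ($der.Length -lt 2 -or $der[0] -ne 0x30) { return $false }
    $first = $der[1]
    if ($first -lt 0x80) {
        $hdr = 2
        [long]$len = $first                      # short-form length
    } else {
        $n = $first -band 0x7F                   # long form: count of length bytes
        if ($n -eq 0 -or $n -gt 4 -or $der.Length -lt 2 + $n) { return $false }
        [long]$len = 0
        for ($i = 0; $i -lt $n; $i++) { $len = ($len * 256) + $der[2 + $i] }
        $hdr = 2 + $n
    }
    return ($hdr + $len) -eq $der.Length
}

# Constructed sample: the armor label from the thread around a 5-byte placeholder
# DER SEQUENCE (structurally valid framing, not a real request).
$sample = @'
-----BEGIN NEW CERTIFICATE Request-----
MAMCAQA=
-----END NEW CERTIFICATE Request-----
'@
Test-CsrContent -Text $sample
# Constructed negative case: the first line of a registry export.
Test-CsrContent -Text 'Windows Registry Editor Version 5.00'
```

This only checks the framing; on Windows, `certutil -dump` against the file decodes the subject, alternative names and key size of a real request before it is submitted.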
Gen Lin,
Yes, in the past, I've had to paste the content of the .csr (or .reg or .txt) file into a sort of textbox on the CA's website as you said.
Thank you for the clarification.
January 31st, 2011 1:11pm