generate csr
Hi everyone, I am using Exchange Server 2013 with a third-party SSL cert. I need to delete it, as I am facing an issue installing the certificate on our website, so I need to create a new CSR for Exchange. Please guide me on how to create a new CSR from EMS.
All my URLs are mail.mydomain.com, so I would like to go with the SAN names below: mail.mydomain.com, autodiscover.mydomain.com and legacy.mydomain.com.
Do I need the SAN name mydomain.com for the Exchange server? Please guide me on how to create the CSR.


July 1st, 2015 1:30am

Create your CSR with the New Exchange Certificate Wizard

  • Access the Exchange Admin Center by opening a browser and browsing to https://localhost/ecp
  • Log in using Domain\user name as the format for the user name and enter your password.
  • Click the link to Servers in the left column, then Certificates at the top right, then the + symbol.
  • The "new exchange certificate" wizard will appear in a pop-up window.
  • Choose "Create a request for a certificate from a certification authority"
  • In the friendly name field, enter a name by which you will remember this certificate in the future.
    This name is not an integral part of your certificate request.
  • You can check the box and enter the root domain name if you will be generating the CSR for a wildcard. Otherwise, just go to the next screen.
  • Hit Browse to choose which server you want to store the certificate request on.
  • If you are doing a wildcard cert, you will skip this step. From the list, select the services which you plan on running securely by using Ctrl+Click to highlight the services.
  • At the next screen, you will be able to review a list of the names which Exchange 2013 suggests you include in your certificate request.
    Review those names and add any extra names by using the + button.
  • Your Organization name should be the full legal name of your company.
    Your Department name is your department within the organization.
    If you do not have a state/province, enter the city information again.
  • Enter a network share path to save the CSR to your computer as a .req file, then Finish.
  • You should now be able to open the CSR with notepad or wordpad, and you will want to copy the entire body of that file into the online order process.
  • After you receive your SSL Certificate from DigiCert, you can install it.

Hope these steps work for you and help you generate the CSR and install the certificate easily.

July 1st, 2015 2:33am

For Third party Certificate Renewal

For renewing the third-party certificate, we need to apply a new certificate request from the third-party CA, then import the certificate to the Exchange servers and enable the related service (IIS, IMAP, POP, and SMTP) on the Exchange servers.

Follow the below steps:

Step 1: Obtain an SSL certificate. Purchase an SSL certificate from a well-known certification authority (CA).

Step 2: Generate and submit the certificate request: create a new certificate request for Secure Sockets Layer (SSL) services.

  1. Open Exchange Management Shell
  2. Replace the domain name and friendly name with your domain name and display name, and then run the command below:

New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, S=Contoso, L=Toybox, O=Test, OU=IT, CN=mail.contoso.com" -DomainName mail.contoso.com, Mail.ad.contoso.com, Webmail.contoso.com -FriendlyName mail.contoso.com -PrivateKeyExportable:$true -Path c:\cert.txt

Important note:

DomainName is used to populate one or more domain names (FQDNs) or server names in the resulting certificate request. We can replace the DomainName values according to our own environment.

FriendlyName is used to specify a display name for the resulting certificate. The display name must be fewer than 64 characters.

In the SubjectName property, we can use the proper subject name for our own environment: C for country/region name, O for organization name and CN for common name.

  3. Submit the request to the certification authority and have the CA generate the certificate.

Step 3: Enable the certificate on the Default Web site. After your certificate has been generated, you must import it and then enable the certificate on the Default Web site.

  1. From the computer where step 2 was run, import the certificate. To import the certificate, open EMS and run the cmdlet below:

Import-ExchangeCertificate -path c:\cert.cer

Note: c:\cert.cer is the location and name of our certificate in my example.

  2. Copy the thumbprint of the certificate, which is the digest of the certificate data.
  3. Enable the certificate on the Default Web site: paste the copied thumbprint into the following cmdlet and run it in EMS:

Enable-ExchangeCertificate -thumbprint <copied thumbprint value> -services IIS,IMAP,POP,SMTP

Note: Using the Enable-ExchangeCertificate cmdlet will update the certificate mapping and replace the existing certificate that is configured in IIS, IMAP4, POP3, SMTP.

Step 4: Require the Client Access server virtual directories to use SSL.

Step 5: Perform an IIS reset. Try browsing OWA and see if you get any errors.

July 1st, 2015 3:48am
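
The Exchange Management Shell procedure from the reply above, with checks added before the request is submitted and before the certificate is enabled. This is an added example, not code from any poster: it uses the SAN names from the question, the file paths and Subject fields are placeholders, and it captures the request from the cmdlet's output and imports with -FileData instead of the -path arguments shown in the reply.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2013 server.
# File paths and the Subject fields are placeholders (assumptions), not thread values.
$reqPath  = 'C:\certs\mail_mydomain_com.req'
$certPath = 'C:\certs\mail_mydomain_com.cer'
$names    = 'mail.mydomain.com', 'autodiscover.mydomain.com', 'legacy.mydomain.com'

# 1. Generate the request. The private key is created and kept on this server;
#    only the request text is sent to the CA.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName 'C=US, S=State, L=City, O=Example Org, OU=IT, CN=mail.mydomain.com' `
    -DomainName $names `
    -FriendlyName 'mail.mydomain.com' `
    -KeySize 2048 `
    -PrivateKeyExportable $true
Set-Content -Path $reqPath -Value $csr

# 2. Before submitting: confirm the SAN list and key length inside the request,
#    and that the server holds a matching pending request.
certutil -dump $reqPath | Select-String 'DNS Name=', 'Public Key Length'
Get-ExchangeCertificate |
    Where-Object { $_.Status -eq 'PendingRequest' } |
    Format-List Thumbprint, Subject, CertificateDomains

# 3. After the CA returns the certificate: import it on the same server that
#    generated the request, so it is paired with the stored private key.
$bytes    = [Byte[]]$(Get-Content -Path $certPath -Encoding Byte -ReadCount 0)
$imported = Import-ExchangeCertificate -FileData $bytes

# 4. Refuse to enable a certificate that has no private key or lacks a requested name.
$have    = @($imported.CertificateDomains | ForEach-Object { "$_" })
$missing = @($names | Where-Object { $have -notcontains $_ })
if (-not $imported.HasPrivateKey -or $missing.Count -gt 0) {
    throw "Not enabling: HasPrivateKey=$($imported.HasPrivateKey); missing: $($missing -join ', ')"
}

# 5. Bind the certificate to the services and confirm the result.
Enable-ExchangeCertificate -Thumbprint $imported.Thumbprint -Services IIS,IMAP,POP,SMTP
Get-ExchangeCertificate -Thumbprint $imported.Thumbprint |
    Format-List Subject, CertificateDomains, NotAfter, Status, Services
```

Set -PrivateKeyExportable to $false if the certificate will only ever be used on this one server; an exportable key is needed only when the certificate must be copied to other servers.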

You can use this tool to generate the command to create the CSR.
You can see a sample in the same file as a separate sheet.

http://gallery.technet.microsoft.com/Exchange-20072010-and-2013-17a0b52f

July 1st, 2015 6:13am

Hi,

Use the DigiCert tool.

July 2nd, 2015 2:10am

This topic is archived. No further replies will be accepted.
