Hopefully this blog will help someone avoid spending time scratching their head wondering why their cert request is not working when submitting it to a CA. Some of you may have already figured this out but for some reason this problem never reared its head until recently. The problem and solution are pretty simple. The premise of the problem lies in generating a public certificate request for a CAS server with special or reserved characters in the company name or other field you need to populate in the certificate.
What I mean by special characters are those like commas, slashes, etc. The one that through a wrench in the works for me was a simple comma. When using the Exchange Management Shell to create the request, we ran into a problem whereby a comma in the company name (i.e. "Contoso, Ltd") caused the cert request to fail when submitted to the CA. As you know there are many commas in the subject name and various fields to populate (http://technet.microsoft.com/en-us/library/aa998840.aspx
) The CA required the comma to be there. At first, we thought it was a simple thing to fix but after many iterations of the request we finally came up with the correct syntax. What we were missing is double quotes around the "entire" company name. We obviously tried everything else we could think of before this and felt kinda dumb for not trying it sooner. Even researching this on the web proved to be futile. We had some hints of things to try but none of them panned out.
Anyway, here’s the short simple answer that will hopefully save someone else from our pitfall. We’ll use our sample company name, Contoso, Ltd as the example:
New-ExchangeCertificate -GenerateRequest -Path c:owa_contoso_com.csr -KeySize 2048 -SubjectName "c=US, s=Illinois, l=Chicago, o=""Contoso, Ltd"", ou=Messaging, cn=owa.contoso.com" -DomainName owa.contoso.com,autodiscover.contoso.com,cas.contoso.com,cas -PrivateKeyExportable $True