During an Exchange 2007 build, generating the certificate requests is normally a no-brainer. But a tiny, though not insignificant, comma threw a rather large monkey wrench into a recent engagement.
This particular client had a contract with a large commercial certificate authority, and the business name they registered had a comma in it: Contoso, Inc.
Generating a CSR without a comma was not an option, since the certificate authority would not accept such requests. The contract with the CA was rather large, and getting them to modify the company name was not realistic. Plus, we were under a time crunch and needed the certs ASAP.
Earlier that day we had generated SSL certificates for our ISA servers using the IIS 6.0 CSR generator and it didn’t barf on the comma. But not so with the Exchange 2007 CSR generator. Specifically, we needed the o= subject name parameter to contain the full name of the company. For example, o=Contoso, Inc.
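Enclosing the organization parameter in single quotes or double quotes, or using ASCII escape characters or hex codes, all failed miserably. The trick is to use double double quotes: o=""Contoso, Inc."". Inside a double-quoted PowerShell string, each doubled quote becomes one literal quote, so the cmdlet receives o="Contoso, Inc." with the comma protected inside a quoted value.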
A full example of the certificate request is shown below:
New-ExchangeCertificate -GenerateRequest -Path c:\cas.csr -KeySize 2048 -SubjectName "c=US, s=CA, l=OceanBeach, o=""Contoso, Inc."", ou=Messaging, cn=owa.contoso.com" -DomainName owa.contoso.com,autodiscover.contoso.com -PrivateKeyExportable $True
Pretty simple after you know the ‘double double’ trick!
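The same quoting can be applied automatically and checked before the request goes to the CA. The following is an added example, not part of the original post: Join-SubjectName is a hypothetical helper, and it assumes Windows PowerShell 2.0 or later with the .NET X500DistinguishedName class used only as a parser check.

```powershell
# Added example. Join-SubjectName is a hypothetical helper name.
# Builds a subject string from name/value pairs and wraps any value that
# contains a DN special character in double quotes.
function Join-SubjectName {
    param([object[]] $Pairs)   # e.g. @(@('c','US'), @('o','Contoso, Inc.'))

    $parts = foreach ($p in $Pairs) {
        $name  = [string]$p[0]
        $value = [string]$p[1]

        # Quote values holding a separator or special character, or with
        # leading/trailing spaces. An embedded quote is doubled inside
        # the quoted value.
        if ($value -match '[,+=<>#;"]' -or $value -ne $value.Trim()) {
            $value = '"' + $value.Replace('"', '""') + '"'
        }
        "$name=$value"
    }
    $parts -join ', '
}

# Subject values taken from the request shown above.
$subject = Join-SubjectName @(
    @('c',  'US'),
    @('s',  'CA'),
    @('l',  'OceanBeach'),
    @('o',  'Contoso, Inc.'),
    @('ou', 'Messaging'),
    @('cn', 'owa.contoso.com')
)

# The string handed to -SubjectName; the o= value is already quoted here,
# so no doubled quotes are needed when passing the variable.
$subject

# Parser check: load the string as a distinguished name and print one
# component per line. The o= component should be a single entry that
# still contains the comma.
$dn = New-Object System.Security.Cryptography.X509Certificates.X500DistinguishedName $subject
$dn.Format($true)

# In the Exchange Management Shell the variable replaces the literal:
# New-ExchangeCertificate -GenerateRequest -Path c:\cas.csr -KeySize 2048 `
#   -SubjectName $subject -DomainName owa.contoso.com,autodiscover.contoso.com `
#   -PrivateKeyExportable $True
```

Once the request file exists, `certutil -dump c:\cas.csr` shows the subject as encoded in the CSR, which is worth comparing against the name registered with the CA before submitting.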