Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

By Digi-Sign
Created Feb 18 2008 - 15:10

Microsoft SMTP Server

Important Note:

Effective 1 January 2011, we will no longer support any Certificate Signing Request [CSR] generated with a 1024 bit key. This is because NIST, PKIX, WebTrust and other respective security standards no longer consider the 1024 bit key size as secure. Read more > [1]

Instructions

A CSR is a file containing your certificate application information, including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process or send it via email to your account manager in Digi-Sign:

Generate keys and Certificate Signing Request:

  • Select Administrative Tools
  • Start Internet Services Manager


  • Open the properties window for the SMTP Server the CSR is for. You can do this by right-clicking on the Default SMTP Virtual Server and selecting Properties from the menu.
  • Open Access by clicking the Access tab.

  • Click Certificate. The following Wizard will appear:

  • Click Create a new certificate and click Next.

  • Select Prepare the request and click Next.

  • Provide a name for the certificate; this needs to be easily identifiable if you are working with multiple domains. This is for your records only.

  • If your server is 256 bit enabled, you can generate keys of up to 2048 bits. We recommend you select the 2048 bit key if the option is available. Click Next.

  • Enter Organisation and Organisation Unit; these are your company name and department respectively. Click Next.

  • The Common Name field should be the Fully Qualified Domain Name (FQDN) of your Mail Exchange server, for which you plan to use your Certificate, e.g. mail.yourdomain.com. If the web address to be used for SSL is mail.yourdomain.com, ensure that the common name submitted in the CSR is mail.yourdomain.com. Click Next.

  • Enter your country, state and city. Click Next.

  • Enter a filename and location to save your CSR. You will need this CSR to enroll for your Certificate. Click Next.

  • Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be "Issued To". Your Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.

  • When you make your application, make sure you paste the CSR in its entirety into the appropriate section of the enrollment form, including everything from -----BEGIN CERTIFICATE REQUEST----- to -----END CERTIFICATE REQUEST-----
  • Click Next
  • Confirm your details in the enrollment form
  • Finish

To save your private key:

  • Go to the Certificates snap-in in the MMC
  • Select Requests
  • Select All tasks
  • Select Export

We recommend that you make a note of your password and back up your key, as these are known only to you, so if you lose them we can't help! A floppy diskette or other removable media is recommended for your backup files.
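
Before pasting the request into the enrollment form, the saved CSR text can be checked for the three points these instructions stress: the BEGIN/END lines and everything between them are intact, the key is at least 2048 bits, and the Common Name is the intended FQDN. The following is an added example, not Digi-Sign's own tooling; the function names are hypothetical, and it assumes a PEM-encoded PKCS#10 request with an RSA key (it also accepts the "BEGIN NEW CERTIFICATE REQUEST" form of the armor lines).

```python
import base64, re

PEM = re.compile(r"-----BEGIN (NEW )?CERTIFICATE REQUEST-----(.+?)"
                 r"-----END (NEW )?CERTIFICATE REQUEST-----", re.S)

def read_tlv(buf, pos):                    # -> (tag, value_start, value_end) of a DER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER data ends early (truncated paste?)")
    return tag, pos, pos + length

def children(buf, start, end):             # elements packed inside buf[start:end]
    items = []
    while start < end:
        items.append(read_tlv(buf, start))
        start = items[-1][2]
    return items

def inspect_csr(pem_text):
    """Return (common_name, rsa_key_bits); assumes a PKCS#10 request with an RSA key."""
    m = PEM.search(pem_text)
    if not m:
        raise ValueError("BEGIN/END CERTIFICATE REQUEST lines missing")
    der = base64.b64decode("".join(m.group(2).split()), validate=True)
    info = children(der, *read_tlv(der, 0)[1:])[0]          # CertificationRequestInfo
    _, subject, spki = children(der, *info[1:])[:3]         # version, subject, public key
    cn = None
    for rdn in children(der, *subject[1:]):                 # each RDN (SET)
        for attr in children(der, *rdn[1:]):                # each attribute SEQUENCE
            oid, val = children(der, *attr[1:])
            if der[oid[1]:oid[2]] == b"\x55\x04\x03":       # OID 2.5.4.3 = commonName
                cn = der[val[1]:val[2]].decode("utf-16-be" if val[0] == 0x1E else "utf-8", "replace")
    _, bitstr = children(der, *spki[1:])                    # algorithm, BIT STRING
    rsa = read_tlv(der, bitstr[1] + 1)                      # skip the unused-bits byte
    mod = children(der, *rsa[1:])[0]                        # RSA modulus INTEGER
    return cn, int.from_bytes(der[mod[1]:mod[2]], "big").bit_length()

def check_csr(pem_text, expected_cn, min_bits=2048):       # -> list of problems, empty if none
    try:
        cn, bits = inspect_csr(pem_text)
    except (ValueError, IndexError) as exc:
        return [f"CSR incomplete or malformed: {exc}"]
    problems = [f"{bits}-bit key is below the {min_bits}-bit minimum"] if bits < min_bits else []
    if (cn or "").lower() != expected_cn.lower():
        problems.append(f"Common Name {cn!r} does not match {expected_cn!r}")
    return problems
```

Call `check_csr` with the contents of the file saved by the wizard and the FQDN you intend to secure, e.g. mail.yourdomain.com. The signature on the request is not verified here.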

Source URL: http://www2.digi-sign.com/support/digi-ssl/microsoft-smtp

Links:
[1] http://www2.digi-sign.com/about/announcements/2048