Error in Exchange 2013 Certificate Wizard

By admin on June 18th, 2013

Update: This issue have been fixed in CU2

As part of an Exchange 2013 deployment I used the Exchange Admin Center, EAC, to create a request a new certificate today. The whole process of doing that is described in numerous places on the web (like here) so I wont go into details about that but I will mention a fact that came as a bit of a surprise to me….

After all the “hard work” with getting all namespaces correct the only part left was to enter the details of the customer. In this part you type in information about Organization name, Department, where you are located and so on. Normally this doesn’t present a huge challenge for me but when I for the second time got the request file back from the certificate provider telling me to enter the organization name correct I asked my self if I had gone totally bananas… But as I soon discovered the wizard in Exchange 2013 actually switches two fields… What you enter in “Organization name” will in the request file be presented in  “Department name” and vice versa.

So in the example below (picture taken from Digicert link above), “Your Company Inc” would in the request end up in the department feels and “IT” where your organization name should have been.

exchange-2013-csr-9

This error is present in Exchange 2013 RTM and CU1 but the team over in Redmond know about the issue so I expect this to be fixed in future releases.

So what is the real impact of this problem? I would say very little besides the fact that some certificate provider, like my customers today, maybe won’t issue a certificate if the check all the details carefully. Once you have your cert, even if it has the two fields mixed up, it will work just as expected so no huge issue but something to be aware about.

Update: I forgot to mention that this issue won’t happen if you generate your request from Exchange Management Shell! Thanks for the reminder Dave! And while I’m thanking I should say a thank you to TRUSTZONE as well who twice rejected our requests, wouldn’t have seen this other ways.

Happy 443!



Leave a reply

You must be logged in to post a comment.