To secure my Exchange server I thought of installing SSL certificates, but I don’t want to buy certificates from a Certificate Authority. The reason is simple: no one except my employees uses the web mail, so no one cares even if it shows a red cross mark in the address bar.

So I simply generated SSL certificates on my Ubuntu machine and used them. Want self-signed certificates too? Then give it a try.

In practice, a person who wants to buy a certificate has to generate a CSR (Certificate Signing Request), during the creation of which you give details like country, company name, email ID, etc. The CSR is then sent to GoDaddy or whichever Certificate Authority you want to buy the certificate from.

To generate a CSR, an RSA private key first has to be generated, as below.
ubuntu@ubuntu:~/Desktop/SSL$ openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...................................................+++
..................................................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
The private key is ready, but here is an optional step. The RSA private key has the passphrase you typed above; the inconvenience is that if you are creating certificates for an Apache server, you will be prompted for the same passphrase every time you restart the service.

So if you are doing this for a web server and don’t want the passphrase, follow these steps.

Before removing the passphrase I want to take a backup of the key.
cp server.key server.key_withpass

Now let’s generate another key without a passphrase; enter the passphrase you gave while generating the first RSA private key.
ubuntu@ubuntu:~/Desktop/SSL$ openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
Since we don’t want a passphrase, use the last key “server.key”, which has no passphrase, to generate the CSR. During this process you’ll be prompted for a few details like Country, State, Company name, etc. Fill them in and generate the CSR.
ubuntu@ubuntu:~/Desktop/SSL$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
Cool, so far we are good: we have all the required keys and files to buy or generate self-signed certificates.

If you want to buy a certificate from a third party, send “server.key” and “server.csr” to them, for example GoDaddy, and they’ll verify your documents and details and send you the certificate.

But I want a self-signed one, right? Let’s do it.
ubuntu@ubuntu:~/Desktop/SSL$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
Getting Private key
That’s all; our certificate “server.crt” is ready.
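
The same key, CSR and certificate steps run non-interactively, followed by checks that the three files belong together. This is an added example, not part of the original post. A CSR carries only the public key, so server.key itself is never needed by whoever signs it. The CN value and the function names are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: key -> CSR -> self-signed certificate, then consistency checks.
# Assumption: the CN is a constructed placeholder; other fields are openssl's defaults.
SUBJ='/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=mail.example.test'

make_selfsigned() {   # $1 = output directory
  local d=$1
  ( umask 077; openssl genrsa -out "$d/server.key" 2048 2>/dev/null ) || return 1
  openssl req -new -key "$d/server.key" -subj "$SUBJ" -out "$d/server.csr" || return 1
  openssl x509 -req -days 365 -in "$d/server.csr" -signkey "$d/server.key" \
    -out "$d/server.crt" 2>/dev/null
}

# Print the public key (PEM) carried by each artifact.
pub_of_key() { openssl pkey -in "$1" -pubout; }
pub_of_csr() { openssl req  -in "$1" -noout -pubkey; }
pub_of_crt() { openssl x509 -in "$1" -noout -pubkey; }

check_bundle() {      # $1 = directory; returns 0 only if every check passes
  local d=$1 k
  k=$(pub_of_key "$d/server.key") || return 1
  # 1. CSR and certificate must carry the public half of server.key.
  [ "$k" = "$(pub_of_csr "$d/server.csr")" ] || { echo "CSR/key mismatch"; return 1; }
  [ "$k" = "$(pub_of_crt "$d/server.crt")" ] || { echo "cert/key mismatch"; return 1; }
  # 2. The CSR holds no private key material.
  ! grep -q 'PRIVATE KEY' "$d/server.csr" || { echo "private key in CSR"; return 1; }
  # 3. Self-signed: issuer equals subject, and the cert verifies against itself.
  [ "$(openssl x509 -in "$d/server.crt" -noout -issuer_hash)" = \
    "$(openssl x509 -in "$d/server.crt" -noout -subject_hash)" ] || return 1
  openssl verify -CAfile "$d/server.crt" "$d/server.crt" >/dev/null 2>&1 || return 1
  # 4. Valid now, but expiring within 366 days (matches -days 365).
  openssl x509 -in "$d/server.crt" -noout -checkend 0 >/dev/null || return 1
  ! openssl x509 -in "$d/server.crt" -noout -checkend $((366*86400)) >/dev/null
}

# Demo run in a throwaway directory.
dir=$(mktemp -d) && make_selfsigned "$dir" && check_bundle "$dir" && echo "all checks passed: $dir"
```

Running check_bundle before installing the files catches the common mistake of pairing a certificate with the wrong key, which otherwise only shows up when the web server refuses to start.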
gil ..