When using the Exchange Management Console (EMC) or the default parameters
in the Exchange Management Shell (EMS) to create or renew a certificate
signing request (csr), the request file will be binarry coded.

Most Public Certificate Authorities will not accept this format to request a
new certificate, so you will have to convert it into Base64.

You can do this in two ways.

1. Using the EMS, add the “-BinaryEncoded:$False” parameter when using
the “New-ExchangeCertificate” cmdlet.
2. Convert the csr file afterwards using the certutil command

For example, if the csr is named NewCertificateRequest.req and store in
C:temp, the command is this:

certutil -encode C:tempNewCertificateRequest.req
C:tempNewCertificateRequest_base64.req