Change the script below and you’ll have a signed certificate in no time for Exchange 2019.
This also works for Exchange 2016, but there you can still use the GUI.
# Vars
$serverName = "YourServerName"
$friendlyName = "FriendlyName"
$exportable = "$True | $False"
$subjectName = "c=COUNTRY, s=STATE, l=CITY, o=ORGANIZATION, ou=DEPARTMENT, cn=COMMONNAME"
$SANS = "san1,san2"
$signingRequestLocation = "C:\LocationOfCert\MyCertRequest.req"
$signedCertLocation = "C:\LocationOfCert\MyCert.crt"
$password = "PasswordHere"
###
# 1 - Create the CSR
$txtrequest = New-ExchangeCertificate -Server $serverName -GenerateRequest -FriendlyName $friendlyName -PrivateKeyExportable $exportable -SubjectName $subjectName -DomainName $SANS
# 2 - Export CSR
[System.IO.File]::WriteAllBytes($signingRequestLocation, [System.Text.Encoding]::Unicode.GetBytes($txtrequest))
# 3 - Sign the cert
# Sign the cert with your certificate provider online
# Once signed, download the certificate package and go to
# step 4 and import the signed cert into your Exchange 2019
# 4 - Import the signed Cert
Import-ExchangeCertificate -FileData ([System.IO.File]::ReadAllBytes($signedCertLocation)) -PrivateKeyExportable:$exportable -Password (ConvertTo-SecureString -String $password -AsPlainText -Force)
###