Mostly writing this for my own benefit as I have to do this a couple times a year and always have to look it up. By default if you request a new or renewed certificate signing request on Exchange 2010, it comes out as a binary file that almost no certificate authority accepts. They want a base 64 encoded file instead.
It’s easy to convert the binary file to base 64 though using the certutil utility using the encode option.
certutil -encode C:\renewal.req C:\renewal.csr
This command encodes the binary file renewal.req into a base 64 encoded file renewal.csr that will work with any certificate authority.