April 8, 2015 at 10:23 am

Hello,
I was attempting to create a script that our admins could launch to help with requesting server certificates for DMZ servers.
The script created the .inf file on the remote server; however, when I attempt to create the request I get stuck.
I am trying to use certreq run within an Invoke-Command, but the pop-up box tells me the template is not found or offline, which makes sense, as it is not on the domain. Normally, in the manual process, we click OK, the .req file is generated and we continue.

However, I am not able to figure out how to programmatically click OK, nor silence the interactive mode in a manner that is not seen as a cancel. I attempted to create the .req file and then add the attribute when I generate the .crt, but policy gripes because that offline template is not an attribute within the .req.

I know this is not directly PowerShell, but any help would be appreciated. Thank you.

$Path = "C$\Temp\CertRequests"
$CertificateAuthority = "certs.test.com\Test Issuing CA99"

$item = "externalServer.test.dmz"
$Managementserver = "internalServer.test.com"
# Resolve the canonical FQDN of the DMZ host via DNS
$FQDN = [System.Net.Dns]::GetHostEntry($item).HostName
$domain = $FQDN.Split(".", 2)[1]
If (-not (Test-Path -LiteralPath "\\$FQDN\$Path\")) {
    New-Item -ItemType Directory -Path "\\$FQDN\$Path\"
}
If (-not (Test-Path -LiteralPath "\\$Managementserver\$Path\")) {
    New-Item -ItemType Directory -Path "\\$Managementserver\$Path\"
}
# Here-string: the opening @" sits on the assignment line and the closing "@ must be in column 1
$clientRequestText = @"
[NewRequest]
Subject="CN=$FQDN"
Keylength=2048
KeySpec=1
KeyUsage=0xf0
MachineKeySet=TRUE
[RequestAttributes]
CertificateTemplate=TestOfflineComputer
"@
# Write the .inf file on the remote server (local variables must be passed via -ArgumentList)
Invoke-Command -ComputerName $FQDN -ScriptBlock {
    param ($FQDN, $clientRequestText, $Path)
    New-Item "\\$FQDN\$Path\$FQDN.inf" -ItemType File -Force -Value $clientRequestText
} -ArgumentList $FQDN, $clientRequestText, $Path
# Generate the request; the switch is "-new" with a plain hyphen
Invoke-Command -ComputerName $FQDN -ScriptBlock {
    param ($FQDN, $Path)
    certreq.exe -new -f -q "\\$FQDN\$Path\$FQDN.inf" "\\$FQDN\$Path\$FQDN.req"
} -ArgumentList $FQDN, $Path

April 10, 2015 at 5:08 am

In case anyone else runs into a hiccup from a non-domain computer:
I had to leave the template entry out of the .inf file. Then, once it was copied to the internal server, run the command:

# The remote script block cannot see local variables, so $CertificateAuthority is passed in as well
Invoke-Command -ComputerName $Managementserver -ScriptBlock {
    param ($FQDN, $Managementserver, $Path, $CertificateAuthority)
    certreq.exe -submit -attrib "CertificateTemplate:OfflineComputer" -config "$CertificateAuthority" "\\$Managementserver\$Path\$FQDN.req" "\\$Managementserver\$Path\$FQDN.crt"
} -ArgumentList $FQDN, $Managementserver, $Path, $CertificateAuthority

Ensure you have a ":" after CertificateTemplate, not a "=".

Sometimes it's the simple things that drive us the craziest.
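The two posts combined into one workflow, as an added example that is not the poster's code: the .inf is written without the template, the CSR is generated on the DMZ host, the request is submitted from the domain-joined management server with the template passed as an attribute, and the issued certificate is installed back on the DMZ host with certreq -accept (a final step the thread does not show). Host names, the CA config string and the template name are assumed placeholders taken from the thread, and C:\Temp\CertRequests is assumed to be the local folder behind the C$\Temp\CertRequests admin share.

```powershell
# Added example, not the poster's code. Names below are assumed placeholders.
$DmzHost          = "externalServer.test.dmz"
$ManagementServer = "internalServer.test.com"
$CaConfig         = "certs.test.com\Test Issuing CA99"   # "CAHost\CAName"
$Template         = "OfflineComputer"
$Share            = "C$\Temp\CertRequests"                # UNC view of $LocalDir
$LocalDir         = "C:\Temp\CertRequests"                # same folder, as seen on the host
$fqdn = [System.Net.Dns]::GetHostEntry($DmzHost).HostName
foreach ($server in $fqdn, $ManagementServer) {
    $null = New-Item -ItemType Directory -Path "\\$server\$Share" -Force
}
# 1. INF without CertificateTemplate: a non-domain host cannot look the template up,
#    which is what triggers the "template not found or offline" prompt.
#    MachineKeySet=TRUE keeps the private key in the machine store on the DMZ host;
#    only the public key travels in the .req.
$inf = @"
[NewRequest]
Subject="CN=$fqdn"
KeyLength=2048
KeySpec=1
KeyUsage=0xf0
MachineKeySet=TRUE
"@
Set-Content -Path "\\$fqdn\$Share\$fqdn.inf" -Value $inf -Encoding Ascii
# 2. Generate key pair and CSR on the DMZ host; -q suppresses the interactive prompt.
Invoke-Command -ComputerName $fqdn -ScriptBlock {
    param($Dir, $Name)
    certreq.exe -new -f -q "$Dir\$Name.inf" "$Dir\$Name.req"
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed: $LASTEXITCODE" }
} -ArgumentList $LocalDir, $fqdn
# 3. Submit from the domain-joined server, naming the template as a request attribute.
#    The separator is a colon ("CertificateTemplate:Name"), not "=".
Copy-Item "\\$fqdn\$Share\$fqdn.req" -Destination "\\$ManagementServer\$Share\"
Invoke-Command -ComputerName $ManagementServer -ScriptBlock {
    param($Dir, $Name, $Ca, $Tpl)
    certreq.exe -submit -q -attrib "CertificateTemplate:$Tpl" -config $Ca "$Dir\$Name.req" "$Dir\$Name.crt"
    if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed: $LASTEXITCODE" }
} -ArgumentList $LocalDir, $fqdn, $CaConfig, $Template
# 4. Install the issued cert on the DMZ host, binding it to the key generated in step 2.
Copy-Item "\\$ManagementServer\$Share\$fqdn.crt" -Destination "\\$fqdn\$Share\"
Invoke-Command -ComputerName $fqdn -ScriptBlock {
    param($Dir, $Name)
    certreq.exe -accept -q "$Dir\$Name.crt"
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed: $LASTEXITCODE" }
} -ArgumentList $LocalDir, $fqdn
```

Using the local path inside each remote script block avoids the remote session having to reach its own admin share over UNC, and the private key never leaves the DMZ host because only the .req and .crt files are copied across.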