requesting certificate?

This topic contains 1 reply, has 1 voice, and was last updated by  Jason McMahan 2 years, 6 months ago.

  • Author
  • #24083

    Jason McMahan

    I was attempting to create a script that our admins could launch to help with requesting server certificates for DMZ servers.
    The script created the .inf file on the remote server; however, when I attempt to create the request I get stuck.
    I am trying to use certreq run within an Invoke-Command, but the pop-up box tells me the template is not found or offline, which makes sense as it is not on the domain. Normally in the manual process we click OK, the .req file is generated, and we continue.

    However, I am not able to figure out how to programmatically click OK, nor silence the interactive mode in a manner that is not seen as a cancel. I attempted to create the .req file and then add the attribute when I generate the .crt, but policy gripes because that offline template is not an attribute within the .req.

    I know this is not directly PowerShell, but any help would be appreciated. Thank you

    $Path = "C$\Temp\CertRequests"
    $CertificateAuthority = "\Test Issuing CA99"
    $item = "externalServer.test.dmz"
    $Managementserver = ""
    # Resolve the FQDN from the second line of ping output
    $FQDN = (ping $item -n 1 | % {$_.split(" ")[1]})[1] #.Item(1)
    $domain = $FQDN.split(".",2)[1]
    # Make sure the working folder exists on both the DMZ server and the management server
    If(-not(Test-Path -LiteralPath "\\$FQDN\$Path\")){
        New-Item -ItemType Directory -Path "\\$FQDN\$Path\"
    }
    If(-not(Test-Path -LiteralPath "\\$Managementserver\$Path\")){
        New-Item -ItemType Directory -Path "\\$Managementserver\$Path\"
    }
    $clientRequestText = ''   # INF request text was not included in the post
    # Write the .inf file on the remote server
    Invoke-Command -ComputerName $FQDN -ScriptBlock {
        param ($FQDN,$clientRequestText,$Path) New-Item "\\$FQDN\$Path\$FQDN.inf" -type file -force -value $clientRequestText
    } -ArgumentList $FQDN,$clientRequestText,$Path
    # Generate the .req file from the .inf on the remote server
    Invoke-Command -ComputerName $FQDN -ScriptBlock {
        param ($FQDN,$Path) certreq.exe -new -f -q "\\$FQDN\$Path\$FQDN.inf" "\\$FQDN\$Path\$FQDN.req"
    } -ArgumentList $FQDN,$Path
  • #24135

    Jason McMahan

    In case anyone else runs into a hiccup from a non domain computer.
    I had to leave the template entry out of the inf file. Then, once copied to the internal server, run the command

    Invoke-Command -ComputerName $Managementserver -ScriptBlock {
        param($FQDN,$Managementserver,$Path,$CertificateAuthority)
        certreq.exe -submit -attrib "CertificateTemplate:OfflineComputer" -config "$CertificateAuthority" "\\$Managementserver\$Path\$FQDN.req" "\\$Managementserver\$Path\$FQDN.crt"
    } -ArgumentList $FQDN,$Managementserver,$Path,$CertificateAuthority

    Ensure you have a : after certificate template not a =

    Sometimes it's the simple things that drive us the craziest.
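
The two-step flow described in the reply above, as an added example that is not part of the original posts: the INF carries no template entry, and the template is supplied with `-attrib` only at submit time. The helper names `New-OfflineRequestInf` and `Get-SubmitArgs`, the INF key settings, the local temp folder and the `<CA-host>` placeholder are assumptions; the server name, CA name and template name are the ones from the posts.

```powershell
# Added example. Helper names are hypothetical; <CA-host> is a placeholder.
function New-OfflineRequestInf {
    param([Parameter(Mandatory)][string]$Fqdn)
    # No [RequestAttributes] / CertificateTemplate entry: the off-domain host
    # cannot look the template up, so it is named later, at submit time.
    @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$Fqdn"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
"@
}

function Get-SubmitArgs {
    param([string]$ReqPath, [string]$CrtPath, [string]$CaConfig, [string]$Template)
    # The attribute separator is a colon, as the reply notes: CertificateTemplate:<name>
    @('-submit', '-attrib', "CertificateTemplate:$Template", '-config', $CaConfig, $ReqPath, $CrtPath)
}

$fqdn = 'externalServer.test.dmz'            # sample name from the post
$work = Join-Path $env:TEMP 'CertRequests'   # assumed local working folder
New-Item -ItemType Directory -Path $work -Force | Out-Null
$inf = Join-Path $work "$fqdn.inf"
$req = Join-Path $work "$fqdn.req"

$infText = New-OfflineRequestInf -Fqdn $fqdn
# Guard: a template line in the INF is what triggers the "template not found or offline" box.
if ($infText -match '(?im)^\s*CertificateTemplate\s*=') {
    throw 'INF names a certificate template; remove it for a non-domain host.'
}
Set-Content -LiteralPath $inf -Value $infText -Encoding Ascii

# Step 1, on the DMZ server: create the key pair and the PKCS#10 request.
certreq.exe -new -f -q $inf $req
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Step 2, on the domain-joined management server, after copying the .req there.
$submit = Get-SubmitArgs -ReqPath $req -CrtPath ($req -replace '\.req$', '.crt') `
    -CaConfig '<CA-host>\Test Issuing CA99' -Template 'OfflineComputer'
"certreq.exe $($submit -join ' ')"           # review, then run: & certreq.exe @submit
```

`Exportable = FALSE` keeps the private key on the DMZ server that generated it; only the .req and the issued .crt move between hosts.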
