Solved

How to script the import of a .pfx certificate

Posted on 2006-10-20
13
3,754 Views
Last Modified: 2008-02-07
I have a wildcard certificate and need to import it across 100+ machines. Is there a way I can do this. I looked at the certmgr.exe tool but did not see how to get this to run remotely on all machines. I had to install the SDk to get the tool.

There must be some way to do this but I cant seem to find any.


Thanks for any help
0
Comment
Question by:andrew_89
  • 7
  • 6
13 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778094
Hi andrew_89,

Others may have tidier solutions, but using certmgr in a login script would do the job.  Alternatively, you could use something like PSExec to run it remotely -> http://www.sysinternals.com/Utilities/PsExec.html

Hope that helps,

-red
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778102
Yes but doesnt the program have to be installed everywhere to use psexec. I mean I only have certmgr on one box.... and do you know what the correct syntax for certmgr is to do this.

These are all IIS boxes so how could I do a login script??
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778123
Ahh, if they are servers, dont bother with a logon script.

I doubt you will need the program installed on each machine, but you will most likely need to have the .net framework installed (which it should be already).  Test it out - copy over certmgr.exe and any other obvious dlls (like certmgr.dll if it exists :))

Here are the command line switches for certmgr -> http://msdn2.microsoft.com/en-us/library/e78byta0.aspx

As to running this command, I am not sure as I have not done it with .pfx files

-red
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 1

Author Comment

by:andrew_89
ID: 17778159
I found this script:
Option Explicit
Dim iiscertobj, pfxfile, pfxfilepassword, InstanceName, WebFarmServers, IISServer
Set iiscertobj = WScript.CreateObject("IIS.CertObj")
pfxfile = WScript.Arguments(0)
pfxfilepassword = WScript.Arguments(1)
InstanceName = WScript.Arguments(2)
WebFarmServers = split(WScript.Arguments(3), ",")
iiscertobj.UserName = WScript.Arguments(4)
iiscertobj.UserPassword = WScript.Arguments(5)
For Each IISServer in WebFarmServers
  iiscertobj.ServerName = IISServer
  iiscertobj.InstanceName = InstanceName
  iiscertobj.Import pfxfile, pfxfilepassword, true, true
Next

but I keeo getting subscript out of range errors on line 9??? any idea on this one ??
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778182
I assume you are talking about this -> http://technet2.microsoft.com/WindowsServer/en/library/f2ef3228-4a4b-4cc8-99cc-78784aa5890b1033.mspx?mfr=true

Are you following the instructions for running that?

Certimport.vbs cert.pfx pfxpassword w3svc/1 iisserver1,iisserver2,iisserver3 Administrator aal34290
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778193
Yes this is where I found it but I keep getting that error.
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778201
Okay now I followed it exaclty the way they wanted and receive the error below.

line 12
Invalid procedure call or argument
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778202
what is the command you are running?
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778234
I think I see the issue.. This .p12 file that I am trying to import was generated without a passphrase so the variable pfxpassword is not being passed. If I try to remove that variable form being passed , a different error comes back:

Wrong number of arguments or invalid property assignment:


Certimport.vbs c:\test.p12    w3svc/1 iis02,iis13,iis12 administrator  password
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
ID: 17778271
try entering "" as the password - or try to get the file with a password...
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778292
either way I get

 Invalid procedure call or argument

on line 12  (iiscertobj.Import pfxfile, pfxfilepassword, true, true)

Looks like I may have to do this thing manually .......
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778329
Oky I gotit working now. I just regenerated the key with a passphrase and passed that in. It works great thanks for your help as you got me on the right direction.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778335
Excellent, glad to hear you got it sorted

-red
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question