Solved

How to script the import of a .pfx certificate

Posted on 2006-10-20
13
3,725 Views
Last Modified: 2008-02-07
I have a wildcard certificate and need to import it across 100+ machines. Is there a way I can do this. I looked at the certmgr.exe tool but did not see how to get this to run remotely on all machines. I had to install the SDk to get the tool.

There must be some way to do this but I cant seem to find any.


Thanks for any help
0
Comment
Question by:andrew_89
  • 7
  • 6
13 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
Hi andrew_89,

Others may have tidier solutions, but using certmgr in a login script would do the job.  Alternatively, you could use something like PSExec to run it remotely -> http://www.sysinternals.com/Utilities/PsExec.html

Hope that helps,

-red
0
 
LVL 1

Author Comment

by:andrew_89
Comment Utility
Yes but doesnt the program have to be installed everywhere to use psexec. I mean I only have certmgr on one box.... and do you know what the correct syntax for certmgr is to do this.

These are all IIS boxes so how could I do a login script??
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
Ahh, if they are servers, dont bother with a logon script.

I doubt you will need the program installed on each machine, but you will most likely need to have the .net framework installed (which it should be already).  Test it out - copy over certmgr.exe and any other obvious dlls (like certmgr.dll if it exists :))

Here are the command line switches for certmgr -> http://msdn2.microsoft.com/en-us/library/e78byta0.aspx

As to running this command, I am not sure as I have not done it with .pfx files

-red
0
 
LVL 1

Author Comment

by:andrew_89
Comment Utility
I found this script:
Option Explicit
Dim iiscertobj, pfxfile, pfxfilepassword, InstanceName, WebFarmServers, IISServer
Set iiscertobj = WScript.CreateObject("IIS.CertObj")
pfxfile = WScript.Arguments(0)
pfxfilepassword = WScript.Arguments(1)
InstanceName = WScript.Arguments(2)
WebFarmServers = split(WScript.Arguments(3), ",")
iiscertobj.UserName = WScript.Arguments(4)
iiscertobj.UserPassword = WScript.Arguments(5)
For Each IISServer in WebFarmServers
  iiscertobj.ServerName = IISServer
  iiscertobj.InstanceName = InstanceName
  iiscertobj.Import pfxfile, pfxfilepassword, true, true
Next

but I keeo getting subscript out of range errors on line 9??? any idea on this one ??
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
I assume you are talking about this -> http://technet2.microsoft.com/WindowsServer/en/library/f2ef3228-4a4b-4cc8-99cc-78784aa5890b1033.mspx?mfr=true

Are you following the instructions for running that?

Certimport.vbs cert.pfx pfxpassword w3svc/1 iisserver1,iisserver2,iisserver3 Administrator aal34290
0
 
LVL 1

Author Comment

by:andrew_89
Comment Utility
Yes this is where I found it but I keep getting that error.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 1

Author Comment

by:andrew_89
Comment Utility
Okay now I followed it exaclty the way they wanted and receive the error below.

line 12
Invalid procedure call or argument
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
what is the command you are running?
0
 
LVL 1

Author Comment

by:andrew_89
Comment Utility
I think I see the issue.. This .p12 file that I am trying to import was generated without a passphrase so the variable pfxpassword is not being passed. If I try to remove that variable form being passed , a different error comes back:

Wrong number of arguments or invalid property assignment:


Certimport.vbs c:\test.p12    w3svc/1 iis02,iis13,iis12 administrator  password
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
Comment Utility
try entering "" as the password - or try to get the file with a password...
0
 
LVL 1

Author Comment

by:andrew_89
Comment Utility
either way I get

 Invalid procedure call or argument

on line 12  (iiscertobj.Import pfxfile, pfxfilepassword, true, true)

Looks like I may have to do this thing manually .......
0
 
LVL 1

Author Comment

by:andrew_89
Comment Utility
Oky I gotit working now. I just regenerated the key with a passphrase and passed that in. It works great thanks for your help as you got me on the right direction.
0
 
LVL 39

Expert Comment

by:redseatechnologies
Comment Utility
Excellent, glad to hear you got it sorted

-red
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now