Solved

How to script the import of a .pfx certificate

Posted on 2006-10-20
13
3,770 Views
Last Modified: 2008-02-07
I have a wildcard certificate and need to import it across 100+ machines. Is there a way I can do this. I looked at the certmgr.exe tool but did not see how to get this to run remotely on all machines. I had to install the SDk to get the tool.

There must be some way to do this but I cant seem to find any.


Thanks for any help
0
Comment
Question by:andrew_89
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 6
13 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778094
Hi andrew_89,

Others may have tidier solutions, but using certmgr in a login script would do the job.  Alternatively, you could use something like PSExec to run it remotely -> http://www.sysinternals.com/Utilities/PsExec.html

Hope that helps,

-red
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778102
Yes but doesnt the program have to be installed everywhere to use psexec. I mean I only have certmgr on one box.... and do you know what the correct syntax for certmgr is to do this.

These are all IIS boxes so how could I do a login script??
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778123
Ahh, if they are servers, dont bother with a logon script.

I doubt you will need the program installed on each machine, but you will most likely need to have the .net framework installed (which it should be already).  Test it out - copy over certmgr.exe and any other obvious dlls (like certmgr.dll if it exists :))

Here are the command line switches for certmgr -> http://msdn2.microsoft.com/en-us/library/e78byta0.aspx

As to running this command, I am not sure as I have not done it with .pfx files

-red
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:andrew_89
ID: 17778159
I found this script:
Option Explicit
Dim iiscertobj, pfxfile, pfxfilepassword, InstanceName, WebFarmServers, IISServer
Set iiscertobj = WScript.CreateObject("IIS.CertObj")
pfxfile = WScript.Arguments(0)
pfxfilepassword = WScript.Arguments(1)
InstanceName = WScript.Arguments(2)
WebFarmServers = split(WScript.Arguments(3), ",")
iiscertobj.UserName = WScript.Arguments(4)
iiscertobj.UserPassword = WScript.Arguments(5)
For Each IISServer in WebFarmServers
  iiscertobj.ServerName = IISServer
  iiscertobj.InstanceName = InstanceName
  iiscertobj.Import pfxfile, pfxfilepassword, true, true
Next

but I keeo getting subscript out of range errors on line 9??? any idea on this one ??
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778182
I assume you are talking about this -> http://technet2.microsoft.com/WindowsServer/en/library/f2ef3228-4a4b-4cc8-99cc-78784aa5890b1033.mspx?mfr=true

Are you following the instructions for running that?

Certimport.vbs cert.pfx pfxpassword w3svc/1 iisserver1,iisserver2,iisserver3 Administrator aal34290
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778193
Yes this is where I found it but I keep getting that error.
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778201
Okay now I followed it exaclty the way they wanted and receive the error below.

line 12
Invalid procedure call or argument
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778202
what is the command you are running?
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778234
I think I see the issue.. This .p12 file that I am trying to import was generated without a passphrase so the variable pfxpassword is not being passed. If I try to remove that variable form being passed , a different error comes back:

Wrong number of arguments or invalid property assignment:


Certimport.vbs c:\test.p12    w3svc/1 iis02,iis13,iis12 administrator  password
0
 
LVL 39

Accepted Solution

by:
redseatechnologies earned 500 total points
ID: 17778271
try entering "" as the password - or try to get the file with a password...
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778292
either way I get

 Invalid procedure call or argument

on line 12  (iiscertobj.Import pfxfile, pfxfilepassword, true, true)

Looks like I may have to do this thing manually .......
0
 
LVL 1

Author Comment

by:andrew_89
ID: 17778329
Oky I gotit working now. I just regenerated the key with a passphrase and passed that in. It works great thanks for your help as you got me on the right direction.
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17778335
Excellent, glad to hear you got it sorted

-red
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Event ID: 5719 / Source: NETLOGON 9 182
AD Replications issues 12 130
Alert on Server memory 2 55
Drive mapping problem 7 56
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question