Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SSL Silent Install

Posted on 2008-10-07
7
Medium Priority
?
1,828 Views
Last Modified: 2012-06-27
I am trying to find a script to install SSL certificates silently.

i would prefer a way to do this with batch or VBS, but I am open to anything if these will not do the job!

Thanks guys!
0
Comment
Question by:geekhelp4u
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22661642
If this is pushing a common cert to all (e.g. your CA's root certificate) this can be done via GPO:
Computer Settings / Windows Settings / Security Settings / Public Key Polices / Trusted Certificate Authorities

Otherwise, I believe this might work for you:
http://www.visualbasicscript.com/m_37106/tm.htm

Common cert store names when dealing with CAPICOM are:
User / Machine - MY
Intermediate -  CA
Root - ROOT
Sometimes you may need to put the intermediate in both CA and ROOT, if you are doing that keep that in the back of your head if just one or the other doesn't work.
0
 
LVL 1

Author Comment

by:geekhelp4u
ID: 22662995
how would i get this to install a .cer  in IE silently?
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22669027
Try checking the second half of this, there is a code example at the bottom that you can look at too:
http://pkidev.internet2.edu/rootcerts/
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:geekhelp4u
ID: 22669617
Thanks, looks promising... but the page to download and install the CREN root certificate via the CEnroll control takes me to a blank white screen?
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22678372
Don't worry about downloadign their root cert, just the code sample.  Their root cert is just for authenticating their root and doens't really have anything to do with your situation.
0
 
LVL 1

Author Comment

by:geekhelp4u
ID: 22678906
OK.. so have you done this before? If so, please break it down more dummy proof.

I am assuming that the:

 credentials = "MIID0gYJKoZIhvcNAQcCoIIDwzCCA78CAQExADALBgkqhkiG9w0BBwGgggOnMIIDozCCAoug" & _ ...

is my .cer file.  How do I get this code from a .cer?
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 1000 total points
ID: 22712676
The MII... is the normal look to a certificate signing request (.csr) file or a signed cert file (.cer).  Working with your previous statement, yes this looks good.

To get the text format for the .cer you can use this command:
certutil -encode filename.cer filename.txt

Then you can open that up into notepad and copy/paste it or call it from another program.  If you're using perl or something you could grab that data submit it as part of your program that way.

The code example is using a PKCS #7 file, which is the server cert bundled with the root certificate chain in one file (.p7b).    Usually the best way to handle this is to create a p7 file for the root chain and handle the end entity's cert seperately.  You can download the p7 file from http://YourCAName/certsrv and click the last option and then get the root chain there.

Generally, either you would deploy the root chain via GPO, etc. or you could use the same sample code and put the root chain first, then follow it with a similar entry for the end entity cert (your .cer file that you encoded to get the text).
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
This is a fine trick which I've found useful many times, when you just don't want to accidentally run a batch script or the commands needs administrator rights.
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question