Solved

Request A Certificate From Enterprise CA Based On Template Using Powershell

Posted on 2016-11-30
1
30 Views
Last Modified: 2017-01-17
I am trying to find out how I can enroll the local machine with our enterprise CA using powershell.
I know it's possible using certutil, but I am try to avoid having to use StdErr + streamreading to get error messages. I am hoping there is a way with COM Objects, WMI ...

I got as far as this:
$TemplateName = "RadiusCertificate"
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$Request.InitializeFromTemplateName(0x02,$TemplateName)
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Enroll.Enroll()

Open in new window


The issue I have is figuring out how to tell the certificate request to determine the subject name based on the computer not the user account. Right now I get a certificate issued to the user running the script in the local machine certificate store.
0
Comment
Question by:byt3
1 Comment
 
LVL 2

Accepted Solution

by:
byt3 earned 0 total points
ID: 41907995
Found the solution to my problem. I didn't realize that the X509CertificateEnrollmentContext enum has 3 possible values, not 2. I thought it was just 0x1 (ContextUser) and 0x2 (ContextMachine). There is a third: 0x3 (ContextAdministratorForceMachine). Here's the adjusted code:

$TemplateName = "RadiusCertificate"
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$Request.InitializeFromTemplateName(0x03,$TemplateName)
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Enroll.Enroll()

Open in new window

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This script checks a path to see if a folder exists. If the folder does exist you will get output "The folder has previously been created. No action taken" If not it will create the folder. Then adds one user modify permission to the folder. It …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now