Request A Certificate From Enterprise CA Based On Template Using Powershell

Posted on 2016-11-30
Last Modified: 2017-01-17
I am trying to find out how I can enroll the local machine with our enterprise CA using powershell.
I know it's possible using certutil, but I am trying to avoid having to use StdErr + stream reading to get error messages. I am hoping there is a way with COM objects, WMI ...

I got as far as this:
$TemplateName = "RadiusCertificate"
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
# 0x02 = ContextMachine in the X509CertificateEnrollmentContext enumeration
$Request.InitializeFromTemplateName(0x02,$TemplateName)
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Enroll.Enroll()   # submit the request to the enterprise CA and install the result



The issue I have is figuring out how to tell the certificate request to determine the subject name based on the computer not the user account. Right now I get a certificate issued to the user running the script in the local machine certificate store.
Question by:byt3
Accepted Solution
by: byt3 (ID: 41907995)
Found the solution to my problem. I didn't realize that the X509CertificateEnrollmentContext enum has 3 possible values, not 2. I thought it was just 0x1 (ContextUser) and 0x2 (ContextMachine). There is a third: 0x3 (ContextAdministratorForceMachine). Here's the adjusted code:

$TemplateName = "RadiusCertificate"
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
# 0x03 = ContextAdministratorForceMachine: build the request in the machine
# context even though the script runs in an administrator's user session
$Request.InitializeFromTemplateName(0x03,$TemplateName)
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Enroll.Enroll()   # submit the request to the enterprise CA and install the result


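The following is an added example and not code from the original question or answer. It builds on the accepted solution (context value 0x3) and adds what a practitioner usually wants around it: an explicit subject and SAN when the template allows the requester to supply them, and a check of the CertEnroll status object so failures and pended requests are reported from the COM interface rather than by parsing certutil's StdErr. The template name, host name and subject values are assumptions for illustration; run it from an elevated PowerShell session on a domain-joined machine.

```powershell
# Added example, not code from the original post: enroll the local machine
# against an enterprise CA template through the CertEnroll COM interfaces and
# read the outcome from the enrollment status object instead of parsing
# certutil output. Run from an elevated PowerShell session on a domain member.
# Template name, host name and the optional subject/SAN values are assumptions.

# X509CertificateEnrollmentContext (CertEnroll.h)
$ContextUser                      = 0x1
$ContextMachine                   = 0x2
$ContextAdministratorForceMachine = 0x3   # machine context from an admin user session

# EnrollmentEnrollStatus values checked below
$Enrolled     = 0x1
$EnrollPended = 0x2

function Request-MachineCertificate {
    param(
        [Parameter(Mandatory)][string]$TemplateName,
        [string]$SubjectDn,            # leave empty when the template builds the subject from AD
        [string[]]$DnsNames = @()      # optional dNSName SAN entries
    )

    $Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
    # 0x3 puts the request and its private key in the machine context even though
    # the script runs under an administrator's user token (the fix from the
    # accepted answer; 0x1 would enroll the logged-on user instead).
    $Request.InitializeFromTemplateName($ContextAdministratorForceMachine, $TemplateName)

    if ($SubjectDn) {
        $Dn = New-Object -ComObject X509Enrollment.CX500DistinguishedName
        $Dn.Encode($SubjectDn, 0)      # 0 = XCN_CERT_NAME_STR_NONE
        $Request.Subject = $Dn
    }

    if ($DnsNames.Count -gt 0) {
        $Names = New-Object -ComObject X509Enrollment.CAlternativeNames
        foreach ($Name in $DnsNames) {
            $Alt = New-Object -ComObject X509Enrollment.CAlternativeName
            $Alt.InitializeFromString(3, $Name)   # 3 = XCN_CERT_ALT_NAME_DNS_NAME
            $Names.Add($Alt)
        }
        $San = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames
        $San.InitializeEncode($Names)
        $Request.X509Extensions.Add($San)
    }

    $Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
    $Enroll.InitializeFromRequest($Request)
    $Enroll.Enroll()   # submits to the CA and installs the result on success

    $Status = $Enroll.Status
    if ($Status.Status -eq $Enrolled) {
        # Certificate(1) returns the issued certificate as base64 (XCN_CRYPT_STRING_BASE64)
        $Bytes = [Convert]::FromBase64String($Enroll.Certificate(1))
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                          -ArgumentList (,$Bytes)
    }
    if ($Status.Status -eq $EnrollPended) {
        throw "Request pended for CA manager approval; request ID $($Enroll.RequestId)"
    }
    # Anything else is a failure: surface the HRESULT and the CA's text, no StdErr parsing needed
    throw ("Enrollment failed: {0} (0x{1:X8}) {2}" -f $Status.Text, $Status.Error, $Status.ErrorText)
}

# Usage (assumed values): a RADIUS server certificate named after this host's FQDN
$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$Cert = Request-MachineCertificate -TemplateName 'RadiusCertificate' `
                                   -SubjectDn "CN=$Fqdn" -DnsNames @($Fqdn)
"Issued {0} thumbprint {1}" -f $Cert.Subject, $Cert.Thumbprint

# Confirm it landed in the machine store (the original symptom was a cert in the user context)
Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Cert.Thumbprint }
```

Two caveats worth checking before relying on this in automation. First, the CA enforces the template's subject-name policy: if the template is set to build the subject from Active Directory, omit -SubjectDn and -DnsNames and let the CA derive the name from the computer object, which is also the safer default because it prevents a requester from asking for a name it does not own. Second, ContextAdministratorForceMachine only works from an elevated session, and the private key it creates lives in the machine key store, so restrict who can read that store as you would any other host credential.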