Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Request A Certificate From Enterprise CA Based On Template Using Powershell

Posted on 2016-11-30
1
Medium Priority
?
122 Views
Last Modified: 2017-01-17
I am trying to find out how I can enroll the local machine with our enterprise CA using powershell.
I know it's possible using certutil, but I am try to avoid having to use StdErr + streamreading to get error messages. I am hoping there is a way with COM Objects, WMI ...

I got as far as this:
$TemplateName = "RadiusCertificate"
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$Request.InitializeFromTemplateName(0x02,$TemplateName)
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Enroll.Enroll()

Open in new window


The issue I have is figuring out how to tell the certificate request to determine the subject name based on the computer not the user account. Right now I get a certificate issued to the user running the script in the local machine certificate store.
0
Comment
Question by:byt3
1 Comment
 
LVL 2

Accepted Solution

by:
byt3 earned 0 total points
ID: 41907995
Found the solution to my problem. I didn't realize that the X509CertificateEnrollmentContext enum has 3 possible values, not 2. I thought it was just 0x1 (ContextUser) and 0x2 (ContextMachine). There is a third: 0x3 (ContextAdministratorForceMachine). Here's the adjusted code:

$TemplateName = "RadiusCertificate"
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$Request.InitializeFromTemplateName(0x03,$TemplateName)
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Enroll.Enroll()

Open in new window

0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Loops Section Overview

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question