Request A Certificate From Enterprise CA Based On Template Using Powershell

I am trying to find out how I can enroll the local machine with our enterprise CA using powershell.
I know it's possible using certutil, but I am try to avoid having to use StdErr + streamreading to get error messages. I am hoping there is a way with COM Objects, WMI ...

I got as far as this:
$TemplateName = "RadiusCertificate"
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$Request.InitializeFromTemplateName(0x02,$TemplateName)
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Enroll.Enroll()

Open in new window


The issue I have is figuring out how to tell the certificate request to determine the subject name based on the computer not the user account. Right now I get a certificate issued to the user running the script in the local machine certificate store.
LVL 2
byt3Asked:
Who is Participating?
 
byt3Connect With a Mentor Author Commented:
Found the solution to my problem. I didn't realize that the X509CertificateEnrollmentContext enum has 3 possible values, not 2. I thought it was just 0x1 (ContextUser) and 0x2 (ContextMachine). There is a third: 0x3 (ContextAdministratorForceMachine). Here's the adjusted code:

$TemplateName = "RadiusCertificate"
$Request = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
$Request.InitializeFromTemplateName(0x03,$TemplateName)
$Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
$Enroll.InitializeFromRequest($Request)
$Enroll.Enroll()

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.