McKnife
asked on
Obtaining a computer ssl certificate from AD PKI using the command line
Hi experts.
Imagine you have a working domain PKI and a working auto enrollment policy.
Using the certificate mmc for the computer account, you just right click the "personal" folder and "request new certificate" and that's it.
However, what would you do on a core server that has no mmc? Using the mmc from remote is an option, but then, you can only create a manual certificate request and honestly, I'm not in the mood to figure out these options right now.
To help me, you have to be in the position to test this.
We will either use the remote mmc or the command line. If command line (powershell or certreq.exe), you need to supply the complete syntax since I was unable to figure it out myself. The certificate needs to be of the same type as you get through the mmc which should be "client authentication" and "server authentication".
Imagine you have a working domain PKI and a working auto enrollment policy.
Using the certificate mmc for the computer account, you just right click the "personal" folder and "request new certificate" and that's it.
However, what would you do on a core server that has no mmc? Using the mmc from remote is an option, but then, you can only create a manual certificate request and honestly, I'm not in the mood to figure out these options right now.
To help me, you have to be in the position to test this.
We will either use the remote mmc or the command line. If command line (powershell or certreq.exe), you need to supply the complete syntax since I was unable to figure it out myself. The certificate needs to be of the same type as you get through the mmc which should be "client authentication" and "server authentication".
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER