I have a non-domain PC (windows 7) attempting to obtain a cert from a Windows 2008 R2 Enterprise CA. I have the root ca and crl's installed on the non-domain client.
I'm working on a script that will create a certificate request file (.inf), take that request file and turn it into a .req binary, and then submit to a CA. How would I go about submitting the a certificate request via the command line? I've tried using the command below but it errors with "The certificate authority is invalid or incorrect 0x80072f0d (Win32: 12045).
certreq -submit -Username domain\user -p password -PolicyServer "https://192.168.1.10/ADPolicyProvider_CEP_Kerberos/service.svc/CEP" -config "https://192.168.1.10/caname_CES_Kerberos/service.svc/CES" -attrib "CertificateTemplate:Computer" C:\cert1.req C:\cert.cer
I found the answer. This command will submit BinaryRequest.req to the CA (which is set to autoenroll) and save it as newcert.cer
certreq -submit -f -config "192.168.1.10\caname" BinaryRequest.req newcert.cer
User contributions licensed under CC BY-SA 3.0