Windows CA Certificate Request via Commandline

2

I have a non-domain PC (windows 7) attempting to obtain a cert from a Windows 2008 R2 Enterprise CA. I have the root ca and crl's installed on the non-domain client.

I'm working on a script that will create a certificate request file (.inf), take that request file and turn it into a .req binary, and then submit to a CA. How would I go about submitting the a certificate request via the command line? I've tried using the command below but it errors with "The certificate authority is invalid or incorrect 0x80072f0d (Win32: 12045).

certreq -submit -Username domain\user -p password -PolicyServer "https://192.168.1.10/ADPolicyProvider_CEP_Kerberos/service.svc/CEP"  -config "https://192.168.1.10/caname_CES_Kerberos/service.svc/CES"  -attrib "CertificateTemplate:Computer"  C:\cert1.req C:\cert.cer
windows-server-2008-r2
windows-7
certificate-authority
asked on Server Fault Jul 20, 2014 by l0sts0ck

1 Answer

1

I found the answer. This command will submit BinaryRequest.req to the CA (which is set to autoenroll) and save it as newcert.cer

certreq -submit -f -config "192.168.1.10\caname" BinaryRequest.req newcert.cer 
answered on Server Fault Jul 21, 2014 by l0sts0ck • edited Jul 21, 2014 by l0sts0ck

User contributions licensed under CC BY-SA 3.0