2

I'm trying to submit a certificate request. I'm trying to do it from command line so I can run it from code.

Previously I have done it by using the Microsoft Active Directory Certificate Services for the CA I'm using. Specifically CA Web enrollment where I copy and pastes the base 64 request in via the browser and then download the cert.

I'm trying to automate this using the template below. I have the server open (it's windows server 2012) and I can't figure out the correct paramters. I think the main thing I'm missing is the FQDN and Alias. How do I find this out?

certreq -submit 
-Username {domain}\{username} 
-p {password}
-PolicyServer "https://{FQDN CertificateEnrollmentPolicyWebService-Server/-Alias}/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP" 
-config "https://{FQDN CertificateEnrollentWebService-Server/-Alias}/{CAName}_CES_UsernamePassword/service.svc/CES" 
-attrib "CertificateTemplate:{TemplateName}" 
{Enter Path and Name of the Request-File}
{Choose Path and Filename for certificate}
Nathan Cooper
  • 123
  • 1
  • 5

1 Answers1

2

Those are going to be the FQDNs of the web server(s) where you've installed the Installing the Certificate Enrollment Policy Web Service and Installing the Certificate Enrollment Web Service role features. Typically they'll be on the same server where you installed the CA.

Evan Anderson
  • 141,881
  • 20
  • 196
  • 331
  • @NathanCooper - It's likely the server running the CA. Try it and see. – Evan Anderson Oct 09 '14 at 14:19
  • I've checked IIS and there seems to be a certsrv and a certenroll. I've looked in both their folders and can't seem to find any cert enrolment policy files. I suspect I may have to stick to using the ui. – Nathan Cooper Oct 09 '14 at 14:51