PowerShell Certificate Request from Enterprise PKI CA Server

This command will allow you to quickly get a certificate automatically. This is very useful for automating deployments of IIS or other web services that require a certificate to function. It uses your windows EPKI servers to get the certificates. There are a few requirements though.

Requirements:

  1. You have access to the certificate templates
  2. You have your template setup to auto approve
  3. You have your template setup based on the web server template

Here is the set of commands. You move powershell to the local machine cert store (where IIS can get them and the type of template you are using would be stored). You then request the cert by template name. You can specify the subject name and other DNS names (note you can do a SANs cert here too). Once you have the cert the next command will set a friendly name for the cert (on this computer). The friendly name can be anything and will not transfer from computer to computer. It then outputs the thumbprint too.

Set-Location 'Cert:\LocalMachine\My'
$cert = Get-Certificate -Template "[cert_template_name_here]" -Url ldap: -SubjectName ("CN=" + "blah.blah.com") -DnsName "blah.blah.com", "blah", "tom.tom.com", "tom", "192.168.6.33" -CertStoreLocation Cert:\LocalMachine\My
gci | where {$_.Thumbprint -eq $cert.Certificate.Thumbprint} | foreach { $_.FriendlyName = "my blah and tom cert" }
$cert.Certificate.Thumbprint
This entry was posted in IT and tagged , . Bookmark the permalink.

Leave a Reply