certreq for another AD User

-

hi,

i need able to request certificate user certificate template i've created ad user.

for testing purpose i'm logged domain administrator , if i'm trying execute following powershell script it's not working.  if remove requestername parameter "ok" except certificate has been issued logged user administrator.

thanks helping

here's error :

certificate not issued (denied) error verifying request signature or signing certificat
e  none of signers of cryptographic message or certificate trust list truste
d. 0x8009202b (-2146885589) 

here's script :

[string] $templatename = "certtemplate"
[string] $caname = "myrootca"
[string] $certpath = "c:\test"
[string] $username = "test7"
write-host
write-host "generating request file"

remove-item $certpath\usercert.inf -erroraction silentlycontinue
remove-item $certpath\usercert.req -erroraction silentlycontinue

add-content $certpath\usercert.inf "[newrequest]`r
subject = `"cn=$username`"`r
exportable = true
requestername = testlocal\test7
requesttype = cmc`r
[requestattributes]`r
certificatetemplate = `"$templatename`"`r
san = `"email=$email`""

certreq -new $certpath\usercert.inf $certpath\usercert.req


write-host "sending certificate request"

certreq -submit -config "$caname" $certpath\usercert.req $certpath\$username.cer

write-host "installing certificate"

certreq -accept $certpath\$username.cer

 

 

hello,

for detailed ca questions security forum better place:

http://social.technet.microsoft.com/forums/en/winserversecurity/threads

best regards meinolf weber disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights.


Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more