stackoom
  简体   繁体   中英

How to suppress a popup window while using certreq to request a certificate from an enterprise CA?

 原文  2019-05-07 00:34:50       powershell/ certificate/ popupwindow/ ca/ certreq

Question

I am trying to request a certificate from a machine that is in the same domain as our enterprise CA server. Everything is working fine but I'm one step away from making my script have zero user interaction.

I basically modified the following script to contain no parameters and removed the SAN options:

https://gallery.technet.microsoft.com/scriptcenter/Request-certificates-from-b6a07151

After the following command to create a new request from an .inf file, I get a popup window:

Invoke-Expression -Command "certreq -new `"$inf`" `"$req`""

Machine context template conflicts with user context.

When I click OK, everything works fine. A new request gets created and rest of the script works fine. But I can't find a way to click "OK" programmatically.

certreq tool does have the -q (to suppress interactive prompts) and -f (to force/bypass things) but none of those work.

certreq -new -q $inf $req OR using both -q and -f results in: 

Active Directory Enrollment Policy
  {<GUID>}
  ldap:
Machine context template conflicts with user context.
Certificate Request Processor: The specified role was not configured for the application 0x8004e00c (-2147164148 CONTEXT_E_ROLENOTFOUND)

I am pretty much stuck here. Any help would be appreciated!

2 answers

solution1
 1 ACCPTED  2019-05-07 07:34:31

The problem is that the template is of kind Computer and not User . That means the request should be created in the context of the computer account. This means you must run the script as SYSTEM , Administrator or any other account allowed to identify as the Computer.

solution2
 1  2021-01-15 11:03:13

Answer to your question should be changing param in Request-Certificate.ps1. Take a look at inf file for generating request and check MachineKeySet param. Default is false and prompt:

Machine context template conflicts with user context.

appers when template is of kind Machine. When you switch it to true ale use User template there is opposite prompt:

User context template conflicts with machine context.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I show the certificate thumbnail for a newly created certificate using certreq in powershell? Can I request a client certificate from Active Directory CA with Powershell? Using PowerShell to run certreq remotely How can I use certreq.exe to sign a CSR while providing a CertificateTemplate and SAN attributes? How to trust a Certificate in Powershell derived of a CA Generating private key in a file using certreq in powershell How to request a exportable certificate using PowerShell? Certificate exported from Windows CA store is unreadable by Java Setting a CA Certificate, with specific Enabled Purposes, using PowerShell how to display popup window from windows service running a powershell script
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM