I am trying to request a certificate from a machine that is in the same domain as our enterprise CA server. Everything is working fine but I'm one step away from making my script have zero user interaction.
I basically modified the following script to contain no parameters and removed the SAN options:
https://gallery.technet.microsoft.com/scriptcenter/Request-certificates-from-b6a07151
After the following command to create a new request from an .inf file, I get a popup window:
Invoke-Expression -Command "certreq -new `"$inf`" `"$req`""
Machine context template conflicts with user context.
When I click OK, everything works fine. A new request gets created and the rest of the script works fine. But I can't find a way to click "OK" programmatically.
The certreq tool does have the -q (to suppress interactive prompts) and -f (to force/bypass things) options, but none of those work.
certreq -new -q $inf $req
or using both -q and -f results in:
Active Directory Enrollment Policy
{<GUID>}
ldap:
Machine context template conflicts with user context.
Certificate Request Processor: The specified role was not configured for the application 0x8004e00c (-2147164148 CONTEXT_E_ROLENOTFOUND)
I am pretty much stuck here. Any help would be appreciated!
The problem is that the template is of kind Computer and not User. That means the request should be created in the context of the computer account. This means you must run the script as SYSTEM, Administrator or any other account allowed to identify as the Computer.
Answer to your question should be changing param in Request-Certificate.ps1. Take a look at inf file for generating request and check MachineKeySet param. Default is false and prompt:
Machine context template conflicts with user context.
appears when the template is of kind Machine. When you switch it to true but use a User template, there is the opposite prompt:
User context template conflicts with machine context.
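A sketch combining the two answers above, added here as an example and not taken from the original Request-Certificate.ps1: it refuses to run without an elevated token, writes an .inf with MachineKeySet = TRUE, and calls certreq directly instead of through Invoke-Expression. The function name, file names, key length, template name and subject are assumptions to be replaced with your own values.

```powershell
# Added example (hypothetical helper, not part of the original script).
function New-MachineCertRequest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $TemplateName,  # placeholder: a template of kind Computer
        [Parameter(Mandatory)] [string] $Subject,       # placeholder: e.g. "CN=host.example.test"
        [string] $WorkDir = $env:TEMP
    )

    # A machine-context request uses the local machine key store,
    # so stop early unless the script runs elevated (or as SYSTEM).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Not elevated: a Computer template must be requested in machine context."
    }

    $inf = Join-Path $WorkDir 'machine-request.inf'   # assumed file names
    $req = Join-Path $WorkDir 'machine-request.req'

    # MachineKeySet = TRUE makes the request context match a Computer template.
    $infText = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$Subject"
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = "$TemplateName"
"@
    Set-Content -Path $inf -Value $infText -Encoding ASCII

    # Remove a stale request file so certreq has nothing to ask about.
    Remove-Item -Path $req -ErrorAction SilentlyContinue

    # Call certreq with an argument list; the paths are never re-parsed as PowerShell code.
    & certreq.exe -new -q $inf $req
    if ($LASTEXITCODE -ne 0) {
        throw "certreq -new failed with exit code $LASTEXITCODE"
    }
    return $req
}
```

The private key stays non-exportable in the machine store; the returned .req path is what the rest of the script submits to the CA.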