j0f3 / powershell
Personal PowerShell Script collection
License: MIT License
When using CSV list, CAName gets updated with certreq's -config argument after first execution, thus any following entries will fail with invalid CAName given to the certreq.
Please add following fixup starting @ line 367:
+ $CANameArg = ""
if (!$CAName -eq "") {
- $CAName = " -config `"$CAName`""
+ $CANameArg = " -config `"$CAName`""
}
- Write-Debug "certreq -submit$CAName `"$req`" `"$cer`""
- Invoke-Expression -Command "certreq -submit$CAName `"$req`" `"$cer`""
+ Write-Debug "certreq -submit$CANameArg `"$req`" `"$cer`""
+ Invoke-Expression -Command "certreq -submit$CANameArg `"$req`" `"$cer`""
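Review bot: The new Invoke-Expression line still assembles the certreq call as a single string from $CAName, $req and $cer, so a value containing a double quote, backtick or semicolon (for example from a CSV row) is re-parsed as PowerShell instead of being passed as one argument. Consider an argument array and the call operator instead, along the lines of $submitArgs = @('-submit'); if ($CAName) { $submitArgs += '-config', $CAName }; & certreq.exe @submitArgs $req $cer. The unchanged condition (!$CAName -eq "") only gives the intended result through operator precedence and Boolean conversion; if ($CAName) states the intent directly.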
First of all, fantastic script! It really makes certificate tasks so much easier!
For those of us who are requesting certs against a template that has the Issuance Requirements > CA certificate manager approval option enabled, the script fails since the certificate hasn't been approved and issued by the time the script goes to retrieve it.
My attempts fail with the following output:
C:\Users\ADMINI~1\AppData\Local\Temp\TESTCERT.cer
Request-Certificate.ps1: certreq -accept command failed
Has there been any consideration on ways to work around this, either by pausing the script until the requester presses a key, running a loop to check for cert approval every 30s or allow the script to be re-run at a later time with a 'retrieve and complete issuance' switch?
I have attempted to mess around with pausing the flow and even just trying to complete the certificate issuance in the computer's certlm but, while it sees the certificates in the Certificate Enrollment Requests certificate store, the retrieval option just sees them all as "Enrollment Pending" even though they have been approved for issuance by the CA.
This command is giving the error below:
C:\Users\Administrator\Desktop\cert_new.ps1 : Method invocation failed because [System.DirectoryServices.DirectorySearcher] does not contain a method named 'new'.
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,cert_new.ps1
Firstly, thank you for this script, it's fantastic!!
At present we are able to use it when passing in the parameters normally. Our goal is to use this for a large number of servers, so attempting to test with the Import-CSV is yielding something strange.
At present our CSV is set up as the example:
First row - CN;SAN
Second row - servername;DNS=servername
When we run the commands the cert is generating but being issued to:
@{cn;san=servername;DNS=servername}
The 'Subject' shows that same name, and there is no SAN listed. Quite perplexed as to why it would be doing this as it definitely is working when passing those values in directly via the parameters.
Thanks in advance!
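The subject string quoted in this report is what PowerShell produces when a semicolon-separated file is parsed with the default comma delimiter, so the whole header becomes one column. The following is an added example, not part of the original issue or of Request-Certificate.ps1; Test-CsvColumns is a hypothetical helper and the CSV text is constructed from the two rows quoted above.

```powershell
# Added illustration, not code from Request-Certificate.ps1.
# CSV text constructed from the header and row quoted in the report.
$csvText = @'
CN;SAN
servername;DNS=servername
'@

# Hypothetical pre-flight check: confirm the expected columns exist
# before any row is piped into a certificate request.
function Test-CsvColumns {
    param(
        [Parameter(Mandatory)] [object[]]$Rows,
        [string[]]$Expected = @('CN', 'SAN')
    )
    $names   = @($Rows[0].PSObject.Properties.Name)
    $missing = @($Expected | Where-Object { $_ -notin $names })
    if ($missing.Count -gt 0) {
        Write-Warning ("Missing column(s): {0}. Columns found: {1}" -f `
            ($missing -join ', '), ($names -join ', '))
        return $false
    }
    return $true
}

# Default delimiter (comma): the header is read as ONE column named 'CN;SAN',
# and the row object stringifies like the subject shown in the report.
$oneColumn = $csvText | ConvertFrom-Csv
"Default delimiter : $($oneColumn[0])"
$null = Test-CsvColumns -Rows $oneColumn

# Explicit delimiter: two columns, CN and SAN, bind to the script parameters.
$twoColumns = $csvText | ConvertFrom-Csv -Delimiter ';'
"Semicolon delimiter: CN=$($twoColumns[0].CN) SAN=$($twoColumns[0].SAN)"
$null = Test-CsvColumns -Rows $twoColumns
```

Import-Csv accepts the same -Delimiter parameter, and -UseCulture selects the list separator of the current culture.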
Hi,
I'm trying to use the script to generate user certificates. As the script only works in the Machine/Device store I get a popup that context conflicts with user context.
Is it possible to add a switch for user/machine context?
gr,
Tom
This code uses the legacy provider for requesting keys. While many MS CS services are configured to use this provider one should move to Microsoft Software Key Storage Provider (KSP) for all new deployments.
I suggest adding the KSP provider as the default and adding a "-legacy" switch.
https://www.pkisolutions.com/understanding-microsoft-crypto-providers/ - PKI Solutions have a nice overview of the various providers available.
Hi,
Firstly thanks for this awesome script.
I would like to know of the best way to run this on several machines using the Invoke-Command command and using a CSV as a source for the list of remote computers.
First certificate in the .csv chain executes perfectly. Every fourth certificate in the csv chain executes perfectly. All other entries in the chain fail to submit because they "Certificate Request Processor: The system cannot find the file specified. 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)" can't find the .tmp file. Looking in %LOCALAPPDATA%\Temp the requisite .tmp file for the request is not present. Every 3rd certificate request in the .csv opens an explorer window.
Presented with a CSV of:
CN
S2TESTR001
S2TESTR002
S2TESTR003
S2TESTR004
S2TESTR005
S2TESTR006
S2TESTR007
S2TESTR008
S2TESTR009
S2TESTR010
S2TESTR011
S2TESTR012
S2TESTR013
S2TESTR014
S2TESTR0015
the 1st, 5th, 9th, and 13th (every fourth) execute, all of the others in between fail with '.tmp' not found.
Import-Csv .\file.csv -UseCulture | .\Request-Certificate.ps1 -verbose -TemplateName "MyCustomMachineTemplate" -Export -ExportPath "C:\TEMP" -Password "password" -CAName "ca.myserver.com\MYCANAME"
After the execution of the script, the certificate is getting installed and we can see it manually in the MMC console, but we are not able to export it and locate the export path.
During execution of the script, we are getting the below error:
Template Name not found.
But we are having the template name as EX: xxxx Web Server.
Kindly help.
Fantastic script. Does everything I need except for setting a password on the exported PFX file.
I might be missing something but is there any way to do this?
The following line is converting the SAN array to a string,
$SAN = "DNS=$CN" + $SAN #Add CN as first SAN entry
and can be fixed by making the modification,
$SAN += "DNS=$CN" #Add CN as first SAN entry
to preserve the array and prevent it from mangling the SAN in the request.
PSVersion 5.1.17763.1490
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.17763.1490
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
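The array-versus-string behaviour described in this report, as an added PowerShell example that is not part of the original issue or of Request-Certificate.ps1. Get-SanList is a hypothetical helper and the host names are constructed samples; it goes slightly beyond the report by keeping the CN entry first and dropping duplicates.

```powershell
# Added illustration, not code from Request-Certificate.ps1.
# Get-SanList is a hypothetical helper; all host names are constructed samples.
function Get-SanList {
    param(
        [Parameter(Mandatory)] [string]$CN,
        [string[]]$SAN = @()
    )
    # Array on the left keeps the result an array and puts the CN entry first.
    $list = @("DNS=$CN") + $SAN
    # Drop empty entries and case-insensitive duplicates, keeping order.
    $seen = @{}
    $result = foreach ($entry in $list) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }
        $key = $entry.Trim().ToLowerInvariant()
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = $true
            $entry.Trim()
        }
    }
    # Leading comma stops PowerShell from unrolling a one-element array.
    return ,[string[]]$result
}

$CN  = 'srv01.example.test'
$SAN = @('DNS=srv01', 'DNS=SRV01.example.test')

# String on the left: the array is converted to text (elements joined by a
# space) and concatenated, so the request receives one mangled SAN value.
$mangled = "DNS=$CN" + $SAN

# += on the array keeps it an array but appends the CN entry at the end.
$appended = $SAN
$appended += "DNS=$CN"

# Helper: still an array, CN entry first, duplicate of the CN removed.
$fixed = Get-SanList -CN $CN -SAN $SAN

# Print the resulting type and content of each variant for comparison.
'{0}: {1}' -f $mangled.GetType().Name, $mangled
'{0}: {1}' -f $appended.GetType().Name, ($appended -join ' | ')
'{0}: {1}' -f $fixed.GetType().Name, ($fixed -join ' | ')
```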
I've found out that the current code is slightly incompatible with PS7.
Changing
$certbytes | Set-Content -Encoding Byte -Path $pfxPath -ea Stop
to
$certbytes | Set-Content -AsByteStream -Path $pfxPath -ea Stop
Fixed the issue for me.
Please consider changing it in repository.
While executing the script I encounter the error message below:
"The system cannot find the file specified
C:\xxxxx\temp\Server.cer"
I check in the temp folder and I have 3 files:
I think the issue is where the script is not renaming the temp file to Server.cer
Any help would be appreciated.
Requesting a cert for ".what.ever" works, when trying to save ".what.ever.rsp" or "*.what.ever.pfx"