
Authentication in PowerShell to Windows Server 2012 PKI


I made a script in PowerShell to make a .REQ from a .INF file. This file (the .REQ) must then be imported into the PKI, which then generates a .CERT.

My problem is that I do not know how to authenticate myself to the PKI from PowerShell. Second question, if I may ask: how do I choose the certificate template? (In the PKI online screen, I have a choice box in which I choose my template, e.g. "Wifi client".)

Here is my code so far. Of course, I don't know how to authenticate; that is my main question here. I should point out that I know the login and the password (I successfully connect using RDP).

# Generate Request File .req

Write-Host " This script generates a .REQ (step 1/3 in certificate creation)"
Write-Host " "
Write-Host " Step 1/3: create .INF file with Key length and other parameters, create a .REQ file"
Write-Host " Step 2/3: import the .REQ file into the Intermediate PKI and generate a .CER"
Write-Host " Step 3/3: from the .CER file, create a .PFX with the exportable key"


# Variables declaration
#
#  $UID = name of the PDA or its serial number
#  $Login = login on the intermediate PKI
#  $Pass = password on the intermediate PKI

$Date = (Get-Date).ToString('ddMMyyyy')
Write-Host " "
[string]$UID = read-host "Please enter the Device Name (or Serial Number)"
$Path = "C:\users\youcef\Desktop\Julie\"

$Login = "me"
$Pass = "pass"



# INF File content 

$ReqFile = "$UID" + "_" + "$Date" + ".req"
$InfFile = @"
[NewRequest]
Subject = "CN=$UID"
KeySpec = 1
Exportable = TRUE
RequestType = PKCS10
[PolicyStatementExtension]
Policies=InternalPolicy
[InternalPolicy]
OID= 1.2.3.4.1455.67.89.5
Notice="Legal Policy Statement"
[Certsrv_Server]
RenewalKeyLength=1024
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=2
CRLPeriod=weeks
CRLPeriodUnits=52
CRLDeltaPeriod=Days
CRLDeltaPeriodUnits=0
LoadDefaultTemplates=1
AlternateSignatureAlgorithm=0
"@


# Generate Request File from INF File

Write-Host "Generating Certificate Request file..." -ForegroundColor Yellow;
$MYCERTNAME = "$UID" + "_" + "$Date" + ".inf"
# Write the INF into $Path, which is where certreq looks for it below
New-Item -Path (Join-Path $Path $MYCERTNAME) -ItemType File -Value $InfFile


certreq -new $path\$MYCERTNAME $path\$ReqFile
Write-Host " "
Write-Host "Certificate request file for $UID successfully generated!" -foregroundcolor DarkGreen;


# Authentication on PKI: HERE I AM TOTALLY LOST

Connect-CertificationAuthority -ComputerName ca01.company.com
$password = ConvertTo-SecureString "password" -AsPlainText -Force
$cred = new-object -typename System.Management.Automation.PSCredential `
     -argumentlist $Login, $Pass

$serverNameOrIp = "192.168.1.1"
Restart-Computer -ComputerName $serverNameOrIp `
             -Authentication default `
             -Credential $cred
             <any other parameters relevant to you>
$cred = new-object -typename System.Management.Automation.PSCredential `
     -argumentlist $username, $password

$serverNameOrIp = "https://pki.mycompany.fr/certsrv/certrqxt.asp"
Restart-Computer -ComputerName $serverNameOrIp `
             -Authentication default `
             -Credential $cred
             <any other parameters relevant to you>


certreq -submit -config "https://pki.mycompany.fr/certsrv/certrqxt.asp"     $path\$ReqFile $path\$UID.cer   
#certreq -submit -config "https://pki.mycompany.fr\certsrv"           $path\$ReqFile $path\$UID.cer

certreq -accept $path\$UID.cer
certutil -exportpfx -p "Welcome123" MY $UID $path\clientcerts\$UID.pfx

Solution

  • I solved my issue by launching my script directly on the server. Not the best solution, but I never managed to use a remote session in PowerShell.
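
One way to restructure the three steps so that the template is chosen at submit time and no password is stored in the script, as an added example (not the poster's code). It assumes the script runs under a Windows account that has Enroll permission on the template, because `certreq -submit` against a `CAHostName\CAName` config string authenticates as the calling user; the CA name, template name, key length and work directory are placeholders.

```powershell
# Added example, not the poster's script. Assumptions (placeholders): $CAConfig is
# "CAHostName\CAName", $Template is the template's short name, $WorkDir is scratch space.
param(
    [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z0-9._-]{1,64}$')]
    [string]$DeviceName,   # restricted character set: the value is written into the INF
    [string]$CAConfig = 'ca01.example.test\Example-Issuing-CA',
    [string]$Template = 'ExampleWifiClient',
    [string]$WorkDir  = (Join-Path $env:TEMP 'certreq-demo')
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$base = Join-Path $WorkDir ('{0}_{1:ddMMyyyy}' -f $DeviceName, (Get-Date))

# Request INF only (no CAPolicy.inf sections). KeyLength 2048 is this example's choice.
@"
[Version]
Signature = "`$Windows NT`$"
[NewRequest]
Subject = "CN=$DeviceName"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
RequestType = PKCS10
"@ | Set-Content -Path "$base.inf" -Encoding ASCII

# Run certreq and stop on the first failing step instead of printing "success" regardless.
function Invoke-CertReq {
    param([string[]]$Arguments)
    & certreq.exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "certreq $($Arguments[0]) failed with exit code $LASTEXITCODE" }
}

Invoke-CertReq -Arguments @('-new', "$base.inf", "$base.req")
# The template is selected with a request attribute; the caller's Windows identity is used.
Invoke-CertReq -Arguments @('-submit', '-config', $CAConfig,
    '-attrib', "CertificateTemplate:$Template", "$base.req", "$base.cer")
Invoke-CertReq -Arguments @('-accept', "$base.cer")

# Prompt for the PFX password as a SecureString rather than hard-coding it.
$pfxPassword = Read-Host 'PFX password' -AsSecureString
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq "CN=$DeviceName" -and $_.HasPrivateKey } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key found for CN=$DeviceName" }
Export-PfxCertificate -Cert $cert -FilePath "$base.pfx" -Password $pfxPassword | Out-Null
```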