Q: How can I submit a certificate request to an Enterprise CA from a machine that's not a domain member?
October 12, 2011
A: It's possible to use the certreQ:exe tool that's part of Windows to submit a request you have generated (such as with IIS Manager) to an Enterprise CA; you pass the Enterprise CA host and CA name, then credentials to use. For example, typing the following
C:>certreq -submit -username savilltechadministrator -p password -config savdaldc10.savilltech.netsavilltech-SAVDALDC10-CA -attrib "CertificateTemplate:WebServer" savdalf01.req savdalfs01.cer
generates this output which shows the request and certificate issuance:
RequestId: 20
RequestId: "20"
Certificate retrieved(Issued) Issued
Note that you need to change your CA server and also the credentials and certificate template if it's not an SSL certificate. The returned certificate is stored in the .cer file you specify in the command.
If you're unsure of the name of your enterprise CA, launch the Certification Authority administrator tool. It shows the CA name at the root of the navigation (see the screen shot below). You just add this to the name of the server in the certreq command (e.g., ).
About the Author
You May Also Like