Q: How can I submit a certificate request to an Enterprise CA from a machine that's not a domain member?

John Savill

October 12, 2011

1 Min Read
ITPro Today logo in a gray background | ITPro Today

A: It's possible to use the certreQ:exe tool that's part of Windows to submit a request you have generated (such as with IIS Manager) to an Enterprise CA; you pass the Enterprise CA host and CA name, then credentials to use. For example, typing the following

C:>certreq -submit -username savilltechadministrator -p password -config savdaldc10.savilltech.netsavilltech-SAVDALDC10-CA -attrib "CertificateTemplate:WebServer" savdalf01.req savdalfs01.cer


generates this output which shows the request and certificate issuance:

RequestId: 20
RequestId: "20"
Certificate retrieved(Issued) Issued

Note that you need to change your CA server and also the credentials and certificate template if it's not an SSL certificate. The returned certificate is stored in the .cer file you specify in the command.

If you're unsure of the name of your enterprise CA, launch the Certification Authority administrator tool. It shows the CA name at the root of the navigation (see the screen shot below). You just add this to the name of the server in the certreq command (e.g., ).



About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like