Way to use powershell to get thumbnail of request created by New-ExchangeCertificate?

Let us say I have a powershell script that creates a certificate request with New-ExchangeCertificate, as in the example:

$Data = New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=Woodgrove Bank, cn=mail1.woodgrovebank.com" -DomainName woodgrovebank.com, example.com -PrivateKeyExportable $true
So now I have some form of certificate $Data, and Exchange has just created a new certificate in  cert:\LocalMachine\REQUEST

How can I get the thumbnail of this new cert-request within my powershell script?

$freshThumbnail=$Data.Thumbnail

Does not work, because $Data is not the correct type of object.

July 26th, 2015 9:45pm

Hi Charlweed,

>>So now I have some form of certificate $Data, and Exchange has just created a new certificate in  cert:\LocalMachine\REQUEST
This is wrong.

When requesting a new certificate with Exchange tools - you are not actually creating the certificate itself, but just the cert request. That's why it does not contain any thumbnail yet.

You have to utilize the cert request file to obtain the certificate from CA first, then to install it to the server, after which you get the full-featured security certificate with a Private key, thumbnail, etc.

A simple Get-ExchangeCertificate then displays thumbnail in the first place.


Free Windows Admin Tool Kit Click here and download it now
July 27th, 2015 4:18am

Hello

Yes you can check this with below command.

Get-ExchangeCertificate | ft -AutoSize Thumbprint, Services

the one with the services status None is the new request.

July 27th, 2015 4:52am

Sorry for being unclear.

New-ExchangeCertificate GenerateRequest creates a request, and a private key with a thumbnail, and stores that in cert:\LocalMachine\REQUEST.

You can see this by listing the contents of cert:\LocalMachine\REQUEST, noting the thumbnails, running New-ExchangeCertificate GenerateRequest, then listing the contents of cert:\LocalMachine\REQUEST again. You will see a new thumbnail has been added.

The trick is to know which thumbnail has just been created for the new request, without doing the before-after listing.

 

Free Windows Admin Tool Kit Click here and download it now
July 27th, 2015 12:53pm

Hi,

I agree with MaxMCSE, you have only generated a Certificate Signing Request .

we need to download the certificate from your CA , then we install the certificate and assign required services.

Normally, we can use Get-ExchangeCertificate | fl to get your certificate settings.

You can refer to the below article to get a certificate:

http://social.technet.microsoft.com/wiki/contents/articles/28809.steps-to-perform-ssl-certificate-renewal-in-exchange-20102013.aspx

Regards ,

David 


July 27th, 2015 9:45pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics