How to Perform the CertSrv tasks via CLI or the console?
I want to do the following task: submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. However, the CA doesn't have the IIS CertSrv installed. Is there a way to submit the request using the CLI or something like that? Thank you in advance (I don't see a way and I'm almost pulling out my hair here).
August 7th, 2010 3:14am

The idea is that the request that you generate needs to get to the CA somehow, and web enrollment and autoenrollment are two ways for that to happen. If neither of these is possible, then you will have to find a way to copy the request file from the client to the issuing CA.

The standard way to create an advanced certificate request involves using the Certificates MMC snap-in. Usually you open the certificate store for the current user or the computer and open Personal\Certificates. Right-click Certificates and select All Tasks -> Advanced Operations -> Create Custom Request (if you select All Tasks -> Request New Certificate, this will configure the request based on the templates used by any of the enterprise CAs in your infrastructure). The documentation for certreq also specifies that a .inf file can be used.

Once you have the request generated, you can copy it to the CA and submit it with the certreq utility (it also appears from the documentation that you can submit remotely; however, I am not sure what port needs to be open, possibly DCOM/RPC, as it appears to be exposed with the "CertSrv Request" DCOM component). Note that submitting to the remote CA is done with the -config <Host>\<CAName> option.

If the user that submits the request does not have permissions to grant the request, another administrator can use the certutil command-line utility to approve the request, and the response/certificate can be retrieved with the certreq utility or exported from the server through the Certification Authority snap-in. (This is done by right-clicking the CA, selecting All Tasks -> Submit new request... and selecting the PKCS 10 file. The request then shows in the Pending Requests folder, where it can be approved, and the certificate can be exported from the "Issued Certificates" folder.)
Certificate Request INF example: http://blogs.technet.com/b/niraj_kumar/archive/2009/02/11/how-to-request-certificate-from-third-party-ca-and-install-it-on-the-machine.aspx
certreq: http://technet.microsoft.com/en-us/library/cc725793%28WS.10%29.aspx
certutil: http://technet.microsoft.com/en-us/library/cc732443%28WS.10%29.aspx
-- Mike Burr
August 7th, 2010 5:38am
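
The command-line flow described in the answer above (an .inf file, certreq to create and submit, certutil to approve, certreq to retrieve), written out as an added example that is not part of the original posts. The host, CA and subject names are placeholders, and the request is assumed to go to a stand-alone CA; an enterprise CA would also need a template named with `-attrib "CertificateTemplate:<name>"`.

```powershell
# Added example. Host, CA and subject names are placeholders, not from the thread.
$ca  = 'CA01.example.test\Example-Issuing-CA'    # value for -config <Host>\<CAName>
$dir = Join-Path $env:TEMP 'csr-demo'
$inf = Join-Path $dir 'request.inf'
$req = Join-Path $dir 'request.req'
$cer = Join-Path $dir 'server01.cer'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# 1. Request policy. The key pair is generated on this machine; only the
#    public key and the subject go into the request file that is copied or sent.
@'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject       = "CN=server01.example.test"
KeyLength     = 2048
KeySpec       = 1
MachineKeySet = TRUE
Exportable    = FALSE
RequestType   = PKCS10
'@ | Set-Content -Path $inf -Encoding ASCII

# 2. Build the base-64 PKCS #10 request (MachineKeySet needs an elevated prompt).
certreq -new $inf $req
if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

# 3. Review subject, key size and extensions before anything reaches the CA.
certutil -dump $req

# 4. Submit to the remote CA and keep the output to read the request ID.
$out = certreq -submit -config $ca $req $cer
$out
# Assumption: the output carries a line of the form "RequestId: <n>".
$m  = $out | Select-String 'RequestId:\s*"?(\d+)' | Select-Object -First 1
$id = if ($m) { $m.Matches[0].Groups[1].Value } else { '<RequestId>' }

if (-not (Test-Path $cer)) {
    # 5. Pending: a CA administrator approves it, then the requester retrieves it.
    Write-Host "Request $id is pending. On the CA: certutil -resubmit $id"
    Write-Host "Then here: certreq -retrieve -config `"$ca`" $id `"$cer`""
    return
}

# 6. Issued: bind the certificate to the private key created in step 2.
certreq -accept $cer
```

After a pending request has been approved and retrieved, `certreq -accept` on the retrieved file completes the installation in the same way as step 6.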

Thanks Mike, I found the certreq command later on the Microsoft TechNet site. I also reinstalled some IIS components that were preventing the CertSrv site from working as usual. Thanks for the reply and for the well-explained info.
August 15th, 2010 6:30pm

This topic is archived. No further replies will be accepted.