Issue/approve pending certificate requests with certutil
Is it possible to somehow approve/issue pending certificate requests on a standalone ca from command line? CERTUTIL seems to offer only -DENY and -REVOKE commands, but not anything like -ISSUE.
thanks ondrej.
July 14th, 2010 5:06pm
Definitely yes. Use '-Resubmit' option. Since this option is ambigous, this property calls ICertAdmin::ResubmitRequest() method:
http://msdn.microsoft.com/en-us/library/aa383250(VS.85).aspx
(here you can get detailed explanation).
Also you may be interesting in another interesting example in PowerShell:
function Issue-PendingRequest {
[CmdletBinding()]
param(
[Parameter(Mandatory = $true, ValueFomPipeline = $true)]
[string]$CAConfig,
[Parameter(Mandatory = $true)]
[int]$RequestID
)
try {$CertAdmin = New-Object -ComObject CertificateAuthority.Admin}
catch {Write-Warning "Unable to instantiate ICertAdmin2 object!"; return}
try {
$status = switch ($CertAdmin.ResubmitRequest($CAConfig,$RequestID)) {
0 {"The request was not completed."}
1 {"The request failed."}
2 {"The request was denied."}
3 {"The certificate was issued."}
4 {"The certificate was issued separately"}
5 {"The request was taken under submission."}
6 {"The certificate is revoked."}
}
}
catch {$_; return}
Write-Host "Operation status for the request '$RequestID': $status"
}
in order to simplify function usage you can hardcode CA config string for offline CAs. So you will have to use this code like this:
Issue-PendingRequest 145
where 145 — Request ID.
http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2010 7:27pm
hello,
thanks for the reply, but the documentation states that "tor this method to succeed, the certificate request must be pending."
So I am now trying your powershell script. thanks.
ondrej.
July 15th, 2010 10:42am
aaa, thanks, I am now doing it with .VBS using the resubmit. thank you very much.
ondrej.
Free Windows Admin Tool Kit Click here and download it now
July 15th, 2010 11:27am
Can you post some code here for vbs?
thanks.
August 5th, 2010 7:10pm