Is it possible to somehow approve/issue pending certificate requests on a standalone ca from command line? CERTUTIL seems to offer only -DENY and -REVOKE commands, but not anything like -ISSUE. thanks ondrej.

Definitely yes. Use '-Resubmit' option. Since this option is ambigous, this property calls ICertAdmin::ResubmitRequest() method: http://msdn.microsoft.com/en-us/library/aa383250(VS.85).aspx (here you can get detailed explanation). Also you may be interesting in another interesting example in PowerShell: function Issue-PendingRequest { [CmdletBinding()] param( [Parameter(Mandatory = $true, ValueFomPipeline = $true)] [string]$CAConfig, [Parameter(Mandatory = $true)] [int]$RequestID ) try {$CertAdmin = New-Object -ComObject CertificateAuthority.Admin} catch {Write-Warning "Unable to instantiate ICertAdmin2 object!"; return} try { $status = switch ($CertAdmin.ResubmitRequest($CAConfig,$RequestID)) { 0 {"The request was not completed."} 1 {"The request failed."} 2 {"The request was denied."} 3 {"The certificate was issued."} 4 {"The certificate was issued separately"} 5 {"The request was taken under submission."} 6 {"The certificate is revoked."} } } catch {$_; return} Write-Host "Operation status for the request '$RequestID': $status" } in order to simplify function usage you can hardcode CA config string for offline CAs. So you will have to use this code like this: Issue-PendingRequest 145 where 145 — Request ID. http://en-us.sysadmins.lv

hello, thanks for the reply, but the documentation states that "tor this method to succeed, the certificate request must be pending." So I am now trying your powershell script. thanks. ondrej.

aaa, thanks, I am now doing it with .VBS using the resubmit. thank you very much. ondrej.

Can you post some code here for vbs? thanks.