Use certreq.exe to renew a certificate silently
Hello all,
I'm trying to figure out how to use certreq.exe to silently renew a given certificate in the user's My store. The problem I'm faced with is that certreq is popping up a dialog prompting the user to select which cert they want to renew even though I'm
providing that info to certreq ahead of time...
Following the certreq syntax detailed
here, I open the user's My store, identify the hash value of the cert I need to renew, and then dynamically create the following INF to pass into certreq:
[Version]
Signature="$WindowsNT$"
[NewRequest]
Subject="E=blah@contoso.com"
PrivateKeyArchive=TRUE
RenewalCert=76f26461cde6c6a56e0d505a418e9dc5a5e9d8d6
KeySpec=1
KeyUsage=0xa0
Providertype=1
RequestType=CMC
KeyLength=2048
[RequestAttributes]
CertificateTemplate=SecureEmail
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.4
As you can see, the RenewalCert property is defined which should provide certreq all it needs in order to know which cert I want to renew. Even so, the dialog still appears. Does anyone know if there's a way to suppress that dialog?
Thanks!
Mike
December 8th, 2010 11:36am
Update:
Depending on what you read, the "RenewalCert" attribute should be populated with either the old certificate hash or the old certificate serial number. I've tried both and the behavior didn't change.
Free Windows Admin Tool Kit Click here and download it now
December 8th, 2010 1:01pm
Hi have you tried -q switch?
Martin
December 9th, 2010 2:16am
Wow; easy enough. Thanks!
Free Windows Admin Tool Kit Click here and download it now
December 13th, 2010 12:54pm