You can, but you have to: 1) Run cert -accept on the machine where the command is generated (the key pair that needs to be associated with the certificate is *ON THAT MACHINE* 2) Enable key export in the certificate template (prior to the cert request being generated) 3) Export the certificate as a PKCS#12 4) Distribute the PKCS#12 to the target server and install That is the *ONLY* way that it will work if you want to generate on one server Brian

try this: certreq -accept -machine C:\SCCM\ourTarget.cer also, you need to run the command on the same machine where the request was generated.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Check out new: PowerShell FCIV tool.

But if I run this on the same machine where the request was generated, I install this certificate on that machine right? So my next question is, is it possible to generate the certificates for other servers in our domain all on 1 server, because that is what i'm trying to do?

At the moment we have the following server set up: A SCCM server which is running a script for certain devices in our network and generating a .cer file for each device. Next we want this .cer file to be installed on an certain devices for which this already has been generated (by the script running on the SCCM server). PS C:\Windows\ccmcache\f> certreq -accept C:\SCCM\ourTarget.cer Usage: CertReq -? CertReq [-v] -? CertReq [-Command] -? CertReq -Accept [Options] [CertChainFileIn | FullResponseFileIn | CertFileIn] Accept and install a response to a previous new request. Options: -user -machine -pin Pin Expected -user | -machine argument Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146885628) Why do I get this error and what can I do to fix this? Where generating the .cer files on the SCCM server for firewall reasons. Also, if I run everything on 1 server (like in 1 powershell prompt) everything installs succesfully. Kind regards Thijs

try this: certreq -accept -machine C:\SCCM\ourTarget.cer also, you need to run the command on the same machine where the request was generated.My weblog: http://en-us.sysadmins.lv PowerShell PKI Module: http://pspki.codeplex.com Check out new: PowerShell FCIV tool.

Thank you all for your answers. Indeed I had to accept the certificate on the same server. And in case you want to know, I get the private key using this command: write-host "Creating private key" -ForegroundColor Yellow dir cert:\localmachine\my | Where-Object { $_.hasPrivateKey -and $($_.subject) -eq "CN=$Computer.$fqdn" } | Foreach-Object {[system.IO.file]::WriteAllBytes( "C:\SCCM\$($_.subject).pfx", ($_.Export('PFX', 'secret')) ) } This checks for all the machine certificates with a certain computername + fqdn and creates a .pfx file.

Thank you all for your answers. Indeed I had to accept the certificate on the same server. And in case you want to know, I get the private key using this command: write-host "Creating private key" -ForegroundColor Yellow dir cert:\localmachine\my | Where-Object { $_.hasPrivateKey -and $($_.subject) -eq "CN=$Computer.$fqdn" } | Foreach-Object {[system.IO.file]::WriteAllBytes( "C:\SCCM\$($_.subject).pfx", ($_.Export('PFX', 'secret')) ) } This checks for all the machine certificates with a certain computername + fqdn and creates a .pfx file.