certreq -accept on other server giving "Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146885628)"
You can, but you have to:
1) Run cert -accept on the machine where the command is generated (the key pair that needs to be associated with the certificate is *ON THAT MACHINE*)
2) Enable key export in the certificate template (prior to the cert request being generated)
3) Export the certificate as a PKCS#12
4) Distribute the PKCS#12 to the target server and install
That is the *ONLY* way that it will work if you want to generate on one server
Brian
May 16th, 2013 9:53am
Try this: certreq -accept -machine C:\SCCM\ourTarget.cer
Also, you need to run the command on the same machine where the request was generated.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Check out new:
PowerShell FCIV tool.
May 16th, 2013 12:30pm
But if I run this on the same machine where the request was generated, I install this certificate on that machine, right?
So my next question is: is it possible to generate the certificates for other servers in our domain all on 1 server? Because that is what I'm trying to do.
May 16th, 2013 12:40pm
At the moment we have the following server setup:
An SCCM server which is running a script for certain devices in our network and generating a .cer file for each device.
Next we want this .cer file to be installed on the devices for which it has already been generated (by the script running on the SCCM server).
PS C:\Windows\ccmcache\f> certreq -accept C:\SCCM\ourTarget.cer
Usage:
CertReq -?
CertReq [-v] -?
CertReq [-Command] -?
CertReq -Accept [Options] [CertChainFileIn | FullResponseFileIn | CertFileIn]
Accept and install a response to a previous new request.
Options:
-user
-machine
-pin Pin
Expected -user | -machine argument
Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146885628)
Why do I get this error and what can I do to fix this?
We're generating the .cer files on the SCCM server for firewall reasons.
Also, if I run everything on 1 server (like in 1 PowerShell prompt) everything installs successfully.
Kind regards
Thijs
May 17th, 2013 4:35am
May 17th, 2013 5:43am
Thank you all for your answers.
Indeed I had to accept the certificate on the same server.
And in case you want to know, I get the private key using this command:
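# Export every machine certificate that has a private key and whose subject
# is CN=<computer>.<fqdn> to a password-protected .pfx file.
# Export() fails unless the private key was marked exportable.
Write-Host "Creating private key" -ForegroundColor Yellow
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -eq "CN=$Computer.$fqdn" } |
    ForEach-Object {
        # 'secret' is the password that protects the .pfx
        [System.IO.File]::WriteAllBytes(
            "C:\SCCM\$($_.Subject).pfx",
            $_.Export('PFX', 'secret'))
    }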
This checks for all the machine certificates with a certain computername + fqdn and creates a .pfx file.
May 17th, 2013 5:57am
May 17th, 2013 12:49pm
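The rule the answers give (accept on the machine that generated the request, then export a PKCS#12), as an added PowerShell example that is not code from any poster in the thread: it checks for a matching pending request before calling certreq -accept, then exports the PFX with a prompted password instead of a literal one. Test-PendingRequest and the output file name are hypothetical, and the check assumes pending requests are kept in the REQUEST certificate store of the context that created them.

```powershell
# Added example; Test-PendingRequest and the .pfx file name are hypothetical.
function Test-PendingRequest {
    param(
        [Parameter(Mandatory = $true)][string]$CerPath,
        [ValidateSet('LocalMachine', 'CurrentUser')][string]$Context = 'LocalMachine'
    )
    # Load the certificate the CA issued.
    $full   = (Resolve-Path $CerPath).Path
    $issued = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full
    # Assumption: the pending request (holding the private key) sits in the
    # REQUEST store on the machine that created it. Match on the public key.
    $match = Get-ChildItem "Cert:\$Context\REQUEST" -ErrorAction SilentlyContinue |
        Where-Object { $_.GetPublicKeyString() -eq $issued.GetPublicKeyString() }
    return [bool]$match
}

$cer = 'C:\SCCM\ourTarget.cer'   # path used in the thread

# 1) Refuse to accept on a machine that never generated the request.
if (-not (Test-PendingRequest -CerPath $cer)) {
    throw "No pending request in LocalMachine\REQUEST matches $cer. Run this where the request was generated."
}

# 2) Accept the response into the machine store.
certreq -accept -machine $cer
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }

# 3) Find the installed certificate by thumbprint and confirm the key is attached.
$issued    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cer
$installed = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $issued.Thumbprint -and $_.HasPrivateKey }
if (-not $installed) { throw "Certificate installed without a private key." }

# 4) Export as PKCS#12 with a password typed at the prompt, not stored in the script.
#    This only works if the template/request allowed key export.
$pfxPassword = Read-Host -AsSecureString 'Password for the .pfx'
$pfxType     = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
$bytes       = $installed.Export($pfxType, $pfxPassword)
[System.IO.File]::WriteAllBytes("C:\SCCM\$($installed.Thumbprint).pfx", $bytes)
```

The resulting .pfx contains the private key, so it should be removed from C:\SCCM once it has been installed on the target server.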