If you need to create a request on a non-domain machine and that request will be submitted to an Enterprise CA, you need to confirm the error message and proceed. This is expected behavior.
I need to request a certificate for a computer which is not a domain member. The certificate is needed for L2TP VPN.
When I run certreq -new based on an inf file, I get an error that the template is not found. (Template not found. Do you wish to continue anyway?)
Where should I run "certreq -new req.inf req.req"? On the issuing CA or the non-domain computer?
I've used "Prepare certificate request template" and "Create a request file to use with an Enterprise CA" from SCENARIO 2. I have a two-tier PKI (Offline ROOT CA and Enterprise Issuing subordinate CA).
Awesome post and flow chart - thanks!
After a bit more experimentation I was able to get it using this:
$ip = [Convert]::ToBase64String(([System.Net.IPAddress] "10.0.1.2").GetAddressBytes())
(New-Object -ComObject X509Enrollment.CAlternativeName).InitializeFromRawData(8, 0x1, $ip)
I stumbled upon your article while researching how to create an alternative name that is an IP address using the CertEnroll API. From the MSDN documentation:
Here's what I've got:
(New-Object -ComObject X509Enrollment.CAlternativeName).InitializeFromRawData(8, 0x1, $rawData)
What I'm having trouble with is $rawData... I'm not sure how to convert "10.0.1.2" to "A BSTR variable that contains the DER-encoded data." as the documentation says...
Can you help?
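The IP-address alternative name discussed in the comments above, carried through to a complete Subject Alternative Name extension for IPv4 and IPv6, as an added example that is not part of the original comments or the article. The function name New-IpSanExtension and the sample addresses are assumptions made for illustration; it runs on Windows only, since it uses the CertEnroll COM objects.

```powershell
# Added example, not the commenter's or the article's code.
# CertEnroll enum values used below (same numbers as in the comments above).
$XCN_CERT_ALT_NAME_IP_ADDRESS = 8      # AlternativeNameType
$XCN_CRYPT_STRING_BASE64      = 0x1    # EncodingType

function New-IpSanExtension {          # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$IPAddress)

    $names = New-Object -ComObject X509Enrollment.CAlternativeNames
    foreach ($text in $IPAddress) {
        # Parse() throws on malformed input, so a typo never ends up in a request.
        $addr = [System.Net.IPAddress]::Parse($text)
        # The raw data is the address octets themselves:
        # 4 bytes for IPv4, 16 bytes for IPv6, passed as Base64 text.
        $b64 = [Convert]::ToBase64String($addr.GetAddressBytes())

        $name = New-Object -ComObject X509Enrollment.CAlternativeName
        $name.InitializeFromRawData($XCN_CERT_ALT_NAME_IP_ADDRESS,
                                    $XCN_CRYPT_STRING_BASE64, $b64)
        $names.Add($name)
    }

    # Wrap the collection in the SAN extension (OID 2.5.29.17).
    $ext = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames
    $ext.InitializeEncode($names)
    return $ext
}

# Constructed sample addresses.
$ext = New-IpSanExtension -IPAddress '10.0.1.2', 'fd00::12'

# Read the names back out of the extension to confirm what was encoded.
foreach ($n in $ext.AlternativeNames) {
    $raw = [Convert]::FromBase64String($n.RawData($XCN_CRYPT_STRING_BASE64))
    [System.Net.IPAddress]::new([byte[]]$raw).ToString()
}
```

The returned object can be added to a CertEnroll request through its X509Extensions collection before the request is encoded.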
© 2008 - 2019 - Sysadmins LV. All rights reserved