Thanks for the great post, it helped me confirm I am not alone facing the problem.
So is there any work around this problem in your knowledge?
I also sent you an email, kindly if you respond,
if you need to create a request on non-domain machine and that request will be submitted to Enterprise CA you need to confirm error message and proceed. This is expected behavior.
I need to request a certificate for computer which is not a domain member. Certificate is needed for L2TP VPN.
When I run certreq -new based on inf file, i got an error that template is not found.(Template not found. Do you wish to continue anyway?)
Where should I run "certreq -new req.inf req.req"? On issuing CA or nonDomain computer?
I've used "Prepare certificate request template" and "Create a request file to use with an Enterprise CA" from SCENARIO 2. I have two tier PKI (Offline ROOT CA and Enterprise Issuing subordinate CA).
Awesome post and flow chart - thanks!
After a bit more experimentation I was able to get it using this:
$ip = [Convert]::ToBase64String(([System.Net.IPAddress] "10.0.1.2").GetAddressBytes())
(New-Object -ComObject X509Enrollment.CAlternativeName).InitializeFromRawData(8, 0x1, $ip)
© 2008 - 2021 - Sysadmins LV. All rights reserved