Historical Content Alert
This is a historical content for Windows NT 4.0 product and is presented for informative purposes only. All content in this directory is copyrighted and owned by Microsoft.

CertReq

CertReq.exe is used to submit certificate requests to Certificate Server. CertReq command usage is as follows:

CertReq [-config ConfigString] [-attrib AttributeString] [RequestFile CertFile]
[CertChainFile]
Result: Submits the certificate request file specified by RequestFile to Certificate Server. CertReq will prompt the user for the request and certificate file names if the RequestFile and CertFile parameters are not given in the command line. If the request is accepted the certificate will be written to the file specified by CertFile. The following is a valid example:

certreq -attrib "attribname1:attribvalue1\nattribname2:37"
ReqFile.req CertFile.crt

CertReq [-keygen -attrib AttributeString] KeyGenFile CertFile
[CertChainFile]
Result: Submits the KeyGen input file specified by KeyGenFile to Certificate Server. A KeyGen input file must have an attribute string containing a challenge string matching the challenge string in the KeyGen request, and the subject name. The following example sets a challenge string = "test":

certreq -keygen -attrib "challenge:test\ncn=Your Name" KeyGenFile.req
CertFile.crt

If the request is accepted the certificate will be written to the file specified by CertFile.

CertReq [-config ConfigString] -retrieve [RequestId CertFile] [CertChainFile]
Result: Resubmits the pending certificate request specified by RequestId to Certificate Server. If the request is accepted the certificate will be written to the file specified by CertFile.

The CertReq command options are as follows:

-attrib AttributeString Sets the named attribute specified by AttributeString in the certificate request. The literal string "\n" separates multiple attributes. See example in CertReq command usage.
-config ConfigString Causes the request to be processed using the Certificate Authority (CA) identified in the configuration string specified by ConfigString. Without this option, the default CA will process the request.
-? Displays the command options.

The CertReq parameters are as follows:

KeyGenFile Base64-encoded KeyGen input file name containing the raw request.
RequestFile Base64-encoded PKCS10 input file containing the raw request. CertReq will prompt the user for the input file name if it is not provided in the command line.
CertFile Base64-encoded X.509 certificate output file name. CertFile must be used when RequestFile is specified.
CertChainFile Optional parameter specifying a Base64-encoded PKCS7 output file that will contain the CA certificate and the issued certificate.

For further explanation of how to use CertReq, see Requesting Certificates with CertReq.


Share this article: