CertReq.exe is used to submit certificate requests to Certificate Server. CertReq command usage is as follows:
CertReq [-config ConfigString] [-attrib AttributeString] [RequestFile CertFile]
Result: Submits the certificate request file specified by RequestFile to Certificate Server. CertReq will prompt the user for the request and certificate file names if the RequestFile and CertFile parameters are not given in the command line. If the request is accepted the certificate will be written to the file specified by CertFile. The following is a valid example:
certreq -attrib "attribname1:attribvalue1\nattribname2:37"
CertReq [-keygen -attrib AttributeString] KeyGenFile CertFile
Result: Submits the KeyGen input file specified by KeyGenFile to Certificate Server. A KeyGen input file must have an attribute string containing a challenge string matching the challenge string in the KeyGen request, and the subject name. The following example sets a challenge string = "test":
certreq -keygen -attrib "challenge:test\ncn=Your Name" KeyGenFile.req
If the request is accepted the certificate will be written to the file specified by CertFile.
CertReq [-config ConfigString] -retrieve [RequestId CertFile] [CertChainFile]
Result: Resubmits the pending certificate request specified by RequestId to Certificate Server. If the request is accepted the certificate will be written to the file specified by CertFile.
The CertReq command options are as follows:
|-attrib AttributeString||Sets the named attribute specified by AttributeString in the certificate request. The literal string "\n" separates multiple attributes. See example in CertReq command usage.|
|-config ConfigString||Causes the request to be processed using the Certificate Authority (CA) identified in the configuration string specified by ConfigString. Without this option, the default CA will process the request.|
|-?||Displays the command options.|
The CertReq parameters are as follows:
|KeyGenFile||Base64-encoded KeyGen input file name containing the raw request.|
|RequestFile||Base64-encoded PKCS10 input file containing the raw request. CertReq will prompt the user for the input file name if it is not provided in the command line.|
|CertFile||Base64-encoded X.509 certificate output file name. CertFile must be used when RequestFile is specified.|
|CertChainFile||Optional parameter specifying a Base64-encoded PKCS7 output file that will contain the CA certificate and the issued certificate.|
For further explanation of how to use CertReq, see Requesting Certificates with CertReq.