Reputation: 527
I am trying to partially automate our cert request process and I am having trouble getting certreq to run remotely. Code is below. The CSR is not generated, and no error is generated, so I am not sure what the issue might be.
$svr = Read-Host "Enter server name"
$cred = [cred]
$dom = (gwmi Win32_ComputerSystem -ComputerName $svr -Credential $cred).Domain
$infPath = "C:\temp\inf.inf"
Set-Content -Value "[Version]
Signature=`"`$Windows NT$`"
[NewRequest]
Subject=`"CN=$svr.$dom`"
Exportable=FALSE
KeyLength=2048
KeySpec=1
MachineKeySet=TRUE
PrivateKeyArchive=FALSE
ProviderName=`"Microsoft RSA SChannel Cryptographic Provider`"
ProviderType = 12
RequestType=PKCS10
Silent=TRUE
UseExistingKeySet=FALSE
UserProtected=FALSE
KeyUsage = 0xF0" -Path "C:\temp\inf.inf" -Force
cp -Path "C:\temp\inf.inf" -Destination "\\$svr\C$\temp\"
$reqString = "certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr"
Invoke-Command -ComputerName [servername] -ScriptBlock {"certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr"} -Credential $cred
cp -Path "\\$svr\C$\temp\request.csr" -Destination "C:\temp\"
Upvotes: 0
Views: 3527
Reputation: 486
It can sometimes be a bit finicky to execute Cmd commands on a target system, as they don't always have the latest PS version. One of the more reliable ways I've found is to pass the arguments to the Cmd command as a variable/array:
Invoke-Command -ComputerName [servername] -ScriptBlock { & certreq @("-q", "-new", "-p <password>", "C:\temp\inf.inf", "C:\temp\request.csr") } -Credential $cred
I also assumed you had just removed your password from the script, otherwise I don't understand why you have the -p
argument.
Source: http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx
Upvotes: 0
Reputation: 1015
Based on comments, I assume you do not have problem when running certreq command locally on the remote computer, also you do not have problem with the first cp command which moves files from local path to remote path. Lead me to believe the problem is solely on the format of Invoke-Command
.
Assuming you don't have problem resolve the server name and the credential given is at least be able to run certreq on the remote computer, the only suggestion I can make is remove the double quote for the scriptblock
Invoke-Command -ComputerName [servername] -ScriptBlock {certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr} -Credential $cred
Upvotes: 2