Acerbity

Reputation: 527

Using PowerShell to run certreq remotely

I am trying to partially automate our cert request process and I am having trouble getting certreq to run remotely. Code is below. The CSR is not generated, and no error is generated, so I am not sure what the issue might be.

$svr = Read-Host "Enter server name"
$cred = [cred]
$dom = (gwmi Win32_ComputerSystem -ComputerName $svr -Credential $cred).Domain
$infPath = "C:\temp\inf.inf"

Set-Content -Value "[Version]
Signature=`"`$Windows NT$`"
[NewRequest]
Subject=`"CN=$svr.$dom`"
Exportable=FALSE
KeyLength=2048
KeySpec=1
MachineKeySet=TRUE
PrivateKeyArchive=FALSE
ProviderName=`"Microsoft RSA SChannel Cryptographic Provider`"
ProviderType = 12
RequestType=PKCS10
Silent=TRUE
UseExistingKeySet=FALSE
UserProtected=FALSE
KeyUsage = 0xF0" -Path "C:\temp\inf.inf" -Force

cp -Path "C:\temp\inf.inf" -Destination "\\$svr\C$\temp\"

$reqString = "certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr"

Invoke-Command -ComputerName [servername] -ScriptBlock {"certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr"} -Credential $cred

cp -Path "\\$svr\C$\temp\request.csr" -Destination "C:\temp\"

Upvotes: 0

Views: 3527

Answers (2)

Negorath

Reputation: 486

It can sometimes be a bit finicky to execute Cmd commands on a target system, as they don't always have the latest PS version. One of the more reliable ways I've found is to pass the arguments to the Cmd command as a variable/array:

Invoke-Command -ComputerName [servername] -ScriptBlock { & certreq @("-q", "-new", "-p <password>", "C:\temp\inf.inf", "C:\temp\request.csr") } -Credential $cred

I also assumed you had just removed your password from the script, otherwise I don't understand why you have the -p argument.

Source: http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx

Upvotes: 0

Kai Zhao

Reputation: 1015

Based on the comments, I assume you do not have a problem when running the certreq command locally on the remote computer, and you also do not have a problem with the first cp command, which moves files from the local path to the remote path. This leads me to believe the problem is solely in the format of Invoke-Command.

Assuming you don't have a problem resolving the server name and the credential given is at least able to run certreq on the remote computer, the only suggestion I can make is to remove the double quotes from the script block:

Invoke-Command -ComputerName [servername] -ScriptBlock {certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr} -Credential $cred

Upvotes: 2
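
A script block whose body is a quoted string only returns that string, which is why the question's Invoke-Command produced no CSR and no error. The following is an added example, not code from the question or either answer: it shows that behaviour locally and wraps a native command so that a non-zero exit code or a missing output file raises an error. `$runNative`, its parameter names and the cmd.exe stand-in commands are assumptions made for the demo.

```powershell
# Added example. Runs locally on Windows; no remoting or CA is needed.
# $runNative and its parameters ($Exe, $ExeArgs, $Expect) are hypothetical names.
$runNative = {
    param([string]$Exe, [string[]]$ExeArgs, [string]$Expect = '')
    # '&' starts the process; each array element is passed as one argument.
    $output = & $Exe @ExeArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe exited with code $LASTEXITCODE. Output: $output"
    }
    # A zero exit code is not proof that the file was written, so check it.
    if ($Expect -and -not (Test-Path -LiteralPath $Expect)) {
        throw "$Exe exited with 0 but '$Expect' was not created"
    }
    $output
}

# 1) The question's form: the body is a string literal, so no process starts.
$quoted = { "certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr" }
$r = & $quoted
"quoted block returned a {0}: {1}" -f $r.GetType().Name, $r

# 2) Local dry run. cmd.exe stands in for certreq; all arguments are constructed.
$missing = Join-Path $env:TEMP 'no-such-request.csr'
$cases = @(
    @{ Name = 'success';      ExeArgs = '/c', 'echo', 'ok'; Expect = '' },
    @{ Name = 'exit code 3';  ExeArgs = '/c', 'exit', '3';  Expect = '' },
    @{ Name = 'missing file'; ExeArgs = '/c', 'echo', 'ok'; Expect = $missing }
)
foreach ($c in $cases) {
    try {
        $out = & $runNative 'cmd.exe' $c.ExeArgs $c.Expect
        "{0}: ok, output = {1}" -f $c.Name, $out
    }
    catch {
        "{0}: FAILED, {1}" -f $c.Name, $_.Exception.Message
    }
}

# 3) Remote use, with $svr and $cred as defined in the question and the
#    certreq tokens exactly as the question gives them:
# $certreqArgs = '-q', '-new', '-p', 'C:\temp\inf.inf', 'C:\temp\request.csr'
# Invoke-Command -ComputerName $svr -Credential $cred -ScriptBlock $runNative `
#     -ArgumentList 'certreq.exe', $certreqArgs, 'C:\temp\request.csr'
```

Because the wrapper throws inside the remote session, the failure comes back to the caller as an error record instead of an empty result.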
