Windows CA Certificate Request via Commandline

certificate-authoritywindows 7windows-server-2008-r2

I have a non-domain PC (windows 7) attempting to obtain a cert from a Windows 2008 R2 Enterprise CA. I have the root ca and crl's installed on the non-domain client.

I'm working on a script that will create a certificate request file (.inf), take that request file and turn it into a .req binary, and then submit to a CA. How would I go about submitting the a certificate request via the command line? I've tried using the command below but it errors with "The certificate authority is invalid or incorrect 0x80072f0d (Win32: 12045).

certreq -submit -Username domain\user -p password -PolicyServer ""  -config ""  -attrib "CertificateTemplate:Computer"  C:\cert1.req C:\cert.cer

Best Answer

I found the answer. This command will submit BinaryRequest.req to the CA (which is set to autoenroll) and save it as newcert.cer

certreq -submit -f -config "\caname" BinaryRequest.req newcert.cer