Q: How can I submit a certificate request to an Enterprise CA from a machine that's not a domain member?

A: It's possible to use the certreQ:exe tool that's part of Windows to submit a request you have generated (such as with IIS Manager) to an Enterprise CA; you pass the Enterprise CA host and CA name, then credentials to use. For example, typing the following

C:\>certreq -submit -username savilltech\administrator -p password -config savdaldc10.savilltech.net\savilltech-SAVDALDC10-CA -attrib "CertificateTemplate:WebServer" savdalf01.req savdalfs01.cer

generates this output which shows the request and certificate issuance:

RequestId: 20
RequestId: "20"
Certificate retrieved(Issued) Issued

Note that you need to change your CA server and also the credentials and certificate template if it's not an SSL certificate. The returned certificate is stored in the .cer file you specify in the command.

If you're unsure of the name of your enterprise CA, launch the Certification Authority administrator tool. It shows the CA name at the root of the navigation (see the screen shot below). You just add this to the name of the server in the certreq command (e.g., \).

certentname_0

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish