
I am trying to partially automate our cert request process and I am having trouble getting certreq to run remotely. Code is below. The CSR is not generated, and no error is generated, so I am not sure what the issue might be.

$svr = Read-Host "Enter server name"
$cred = [cred]
$dom = (gwmi Win32_ComputerSystem -ComputerName $svr -Credential $cred).Domain
$infPath = "C:\temp\inf.inf"

Set-Content -Value "[Version]
Signature=`"`$Windows NT$`"
[NewRequest]
Subject=`"CN=$svr.$dom`"
Exportable=FALSE
KeyLength=2048
KeySpec=1
MachineKeySet=TRUE
PrivateKeyArchive=FALSE
ProviderName=`"Microsoft RSA SChannel Cryptographic Provider`"
ProviderType = 12
RequestType=PKCS10
Silent=TRUE
UseExistingKeySet=FALSE
UserProtected=FALSE
KeyUsage = 0xF0" -Path "C:\temp\inf.inf" -Force

cp -Path "C:\temp\inf.inf" -Destination "\\$svr\C$\temp\"

$reqString = "certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr"

Invoke-Command -ComputerName [servername] -ScriptBlock {"certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr"} -Credential $cred

cp -Path "\\$svr\C$\temp\request.csr" -Destination "C:\temp\"
  • Is it getting the expected result when running locally on the remote computer? Commented Apr 22, 2016 at 21:47
  • Everything seems to work, with the exception of the remote command. The error I get is when it tries to bring the csr file back. Commented Apr 25, 2016 at 13:35
  • What is the error you are getting? Commented Apr 25, 2016 at 13:45
  • The error I get is that the csr file can't be transferred back. Commented Apr 27, 2016 at 14:49
  • Can anybody state the difference between the CSR content being generated locally and on a remote computer when given the same values? Why cannot it can generate locally.. Commented Jul 16, 2018 at 18:50

2 Answers

Based on the comments, I assume you do not have a problem when running the certreq command locally on the remote computer, and that you also do not have a problem with the first cp command, which moves files from the local path to the remote path. This leads me to believe the problem is solely in the format of Invoke-Command.

Assuming you don't have a problem resolving the server name, and the credential given is at least able to run certreq on the remote computer, the only suggestion I can make is to remove the double quotes from the scriptblock:

Invoke-Command -ComputerName [servername] -ScriptBlock {certreq -q -new -p C:\temp\inf.inf C:\temp\request.csr} -Credential $cred

It can sometimes be a bit finicky to execute Cmd commands on a target system, as they don't always have the latest PS version. One of the more reliable ways I've found is to pass the arguments to the Cmd command as a variable/array:

Invoke-Command -ComputerName [servername] -ScriptBlock { & certreq @("-q", "-new", "-p <password>", "C:\temp\inf.inf", "C:\temp\request.csr") } -Credential $cred

I also assumed you had just removed your password from the script, otherwise I don't understand why you have the -p argument.

Source: http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx
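An added example, not part of the question or either answer: the remote step written so a failed certreq run surfaces as an error, with the CSR text returned over the remoting session instead of copied from the admin share. It assumes the INF has already been copied to C:\temp on the target as in the question, omits the question's -p switch, and uses hypothetical names ($InfPath, $CsrPath, $result).

```powershell
# Added example. $svr, $cred and the C:\temp paths follow the question;
# $InfPath, $CsrPath and $result are names introduced here for illustration.
$svr  = Read-Host "Enter server name"
$cred = Get-Credential

$result = Invoke-Command -ComputerName $svr -Credential $cred -ScriptBlock {
    param($InfPath, $CsrPath)

    if (-not (Test-Path $InfPath)) {
        throw ("INF file not found on {0}: {1}" -f $env:COMPUTERNAME, $InfPath)
    }

    # Remove any stale request so the checks below reflect this run only.
    Remove-Item $CsrPath -ErrorAction SilentlyContinue

    # Unquoted call: the executable actually runs. A quoted string inside the
    # script block is only echoed back, which is why no error ever appeared.
    $output = & certreq.exe -q -new $InfPath $CsrPath 2>&1
    $exit   = $LASTEXITCODE

    # The key pair is created in the remote machine store (MachineKeySet=TRUE,
    # Exportable=FALSE in the INF); only the public CSR text is returned.
    $csr = $null
    if (Test-Path $CsrPath) { $csr = [IO.File]::ReadAllText($CsrPath) }

    New-Object PSObject -Property @{
        ExitCode = $exit
        Output   = ($output | Out-String).Trim()
        Csr      = $csr
    }
} -ArgumentList 'C:\temp\inf.inf', 'C:\temp\request.csr'

# Native commands do not throw on failure, so check the exit code explicitly.
if ($result.ExitCode -ne 0 -or -not $result.Csr) {
    throw "certreq failed on $svr (exit $($result.ExitCode)): $($result.Output)"
}

Set-Content -Path 'C:\temp\request.csr' -Value $result.Csr
```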
