PowerShell PKI Module Documentation
Documentation HomeSubmit-CertificateRequest
Synopsis
Submits certificate request to a Certification Authority.
Syntax
Submit-CertificateRequest [-Path] <String[]> -CertificationAuthority <CertificateAuthority> [-Credential <PSCredential>] [-Attribute <String[]>] [<CommonParameters>] Submit-CertificateRequest [-Path] <String[]> -EnrollmentPolicyServer <PolicyServerClient> [-Credential <PSCredential>] [-Attribute <String[]>] [<CommonParameters>]
Description
Submits certificate request to a Certification Authority. The commands returns an object that indicates the status of the submission. If the certificate is issued immediately, issued certificate is included in the returned object.
Parameters
-CertificationAuthority <CertificateAuthority>
Specifies a Certification Authority object to which the request is submitted. CA object can be retrieved by running either Get-CertificationAuthority or Connect-CertificationAuthority commands.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Credential <PSCredential>
Provides credentials to access enrollment policy server in the case when existing credentials are not saved in the credential vault. If enrollment policy server uses user name and password authentication, UserName field contains user name account name and Password field contains the password for the user account. If enrollment policy server uses certificate-based authentication, UserName field contains client authentication certificate's thumbprint and Password field must be empty (not set).
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Attribute <String[]>
Specifies optional attributes which are passed along with the request and are used by Certification Authority to construct the certificate. The following syntax is used:
<AttributeName>:<AttributeValue>
where <AttributeName> is an attribute name and <AttributeValue> is the value of the attribute. This command accepts multiple attributes.
For example, Enterprise CAs require certificate template information in the request, however, not all applications adds this information to the request (for example, Internet Information Service console, Exchange Management Console, non-Microsoft tools and other). In this case you can pass certificate template as an attribute:
CertificateTemplate:WebServer
where 'CertificateTemplate' is attribute name and 'WebServer' is attribute value (in a given example it is certificate template common name).
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-EnrollmentPolicyServer <PolicyServerClient>
Specifies the enrollment policy server endpoint to which the request will be sent. Enrollment policy server endpoint object can be retrieved by running Get-EnrollmentPolicyServerClient command.
Required? | True |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Path <String[]>
Specifies the path to a request file.
Required? | True |
Position? | 0 |
Default value | |
Accept pipeline input? | true (ByValue) |
Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
Outputs
PKI.Enrollment.CertRequestStatus
Notes
Examples
Examlple 1
PS C:\> $ca = Connect-CA ca01* PS C:\> $status = Submit-CertificateRequest -Path c:\test\certreq.csr -CA $ca -Attribute "CertificateTemplate:WebServer"
First command retrieves CA object the request is submitted to. Second line submits certificate request (CSR) to CA server selected in first command and returns certificate request submission status (issued, pending, denied, failed). If CSR doesn't contain template information required by Enterprise Certification Authority, it must be specified in "-Attrbiute" parameter. If certificate is immediately issued, it is stored in return value. Request is submitted via RPC/DCOM transport.
Example 2
PS C:\> $cred = Get-Credential PS C:\> $status = Submit-CertificateRequest -Path c:\test\certreq.csr -CA $ca -Attribute "CertificateTemplate:WebServer" -CEP "https://cep.fabrikam.com/fabrikam%20Root%20CA1_CES_UsernamePassword/service.svc/CES" -Credential $cred
First line requests user credentials to authenticate on certificate enrollment policy server (when user name and password authentication scheme is used). Second line submits certificate request to CA via certificate enrollment web services and returns submission status. If CSR doesn't contain template information required by Enterprise Certification Authority, it must be specified in "-Attrbiute" parameter. If certificate is immediately issued, it is stored in return value
Related links
Minimum PowerShell version support
- Windows PowerShell 3.0
Operating System Support
- Windows 7
- Windows 8
- Windows 8.1
- Windows 10
- Windows 11
- Windows Server 2008 R2 all editions
- Windows Server 2012 all editions
- Windows Server 2012 R2 all editions
- Windows Server 2016 all editions
- Windows Server 2019 all editions
- Windows Server 2022 all editions