PowerShell PKI Module Documentation

Documentation Home

Submit-CertificateRequest

Synopsis

Submits certificate request to a Certification Authority.

Syntax

Submit-CertificateRequest [-Path] <String[]> -CertificationAuthority <CertificateAuthority> [-Credential <PSCredential>] [-Attribute <String[]>] [<CommonParameters>]

Submit-CertificateRequest [-Path] <String[]> -EnrollmentPolicyServer <PolicyServerClient> [-Credential <PSCredential>] [-Attribute <String[]>] [<CommonParameters>]

Description

Submits certificate request to a Certification Authority. The commands returns an object that indicates the status of the submission. If the certificate is issued immediately, issued certificate is included in the returned object.

Parameters

-CertificationAuthority <CertificateAuthority>

Specifies a Certification Authority object to which the request is submitted. CA object can be retrieved by running either Get-CertificationAuthority or Connect-CertificationAuthority commands.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Credential <PSCredential>

Provides credentials to access enrollment policy server in the case when existing credentials are not saved in the credential vault. If enrollment policy server uses user name and password authentication, UserName field contains user name account name and Password field contains the password for the user account. If enrollment policy server uses certificate-based authentication, UserName field contains client authentication certificate's thumbprint and Password field must be empty (not set).

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Attribute <String[]>

Specifies optional attributes which are passed along with the request and are used by Certification Authority to construct the certificate. The following syntax is used:

<AttributeName>:<AttributeValue>

where <AttributeName> is an attribute name and <AttributeValue> is the value of the attribute. This command accepts multiple attributes.

For example, Enterprise CAs require certificate template information in the request, however, not all applications adds this information to the request (for example, Internet Information Service console, Exchange Management Console, non-Microsoft tools and other). In this case you can pass certificate template as an attribute:

CertificateTemplate:WebServer

where 'CertificateTemplate' is attribute name and 'WebServer' is attribute value (in a given example it is certificate template common name).

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-EnrollmentPolicyServer <PolicyServerClient>

Specifies the enrollment policy server endpoint to which the request will be sent. Enrollment policy server endpoint object can be retrieved by running Get-EnrollmentPolicyServerClient command.

Required? True
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Path <String[]>

Specifies the path to a request file.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

System.IO.FileInfo[]

Outputs

PKI.Enrollment.CertRequestStatus

Notes

Examples

Examlple 1

PS C:\> $ca = Connect-CA ca01*
PS C:\> $status = Submit-CertificateRequest -Path c:\test\certreq.csr -CA $ca -Attribute "CertificateTemplate:WebServer"

First command retrieves CA object the request is submitted to. Second line submits certificate request (CSR) to CA server selected in first command and returns certificate request submission status (issued, pending, denied, failed). If CSR doesn't contain template information required by Enterprise Certification Authority, it must be specified in "-Attrbiute" parameter. If certificate is immediately issued, it is stored in return value. Request is submitted via RPC/DCOM transport.

Example 2

PS C:\> $cred = Get-Credential
PS C:\> $status = Submit-CertificateRequest -Path c:\test\certreq.csr -CA $ca -Attribute "CertificateTemplate:WebServer" -CEP "https://cep.fabrikam.com/fabrikam%20Root%20CA1_CES_UsernamePassword/service.svc/CES" -Credential $cred

First line requests user credentials to authenticate on certificate enrollment policy server (when user name and password authentication scheme is used). Second line submits certificate request to CA via certificate enrollment web services and returns submission status. If CSR doesn't contain template information required by Enterprise Certification Authority, it must be specified in "-Attrbiute" parameter. If certificate is immediately issued, it is stored in return value

Related links

Receive-Certificate

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions