I am trying to request a certificate from a machine that is in the same domain as our enterprise CA server. Everything is working fine but I'm one step away from making my script have zero user interaction.
I basically modified the following script to contain no parameters and removed the SAN options:
https://www.powershellgallery.com/packages/Request-Certificate/1.5.0
After the following command to create a new request from an .inf file, I get a popup window:
Invoke-Expression -Command "certreq -new `"$inf`" `"$req`""
Machine context template conflicts with user context.
When I click OK, everything works fine. A new request gets created and rest of the script works fine. But I can't find a way to click "OK" programmatically.
certreq tool does have the -q (to suppress interactive prompts) and -f (to force/bypass things) but none of those work.
certreq -new -q $inf $req OR using both -q and -f results in:
Active Directory Enrollment Policy
{<GUID>}
ldap:
Machine context template conflicts with user context.
Certificate Request Processor: The specified role was not configured for the application 0x8004e00c (-2147164148 CONTEXT_E_ROLENOTFOUND)
I am pretty much stuck here. Any help would be appreciated!
The problem is that the template is of kind Computer and not User. That means the request should be created in the context of the computer account. This means you must run the script as SYSTEM, Administrator or any other account allowed to identify as the Computer.