I am trying to request a certificate from a machine that is in the same domain as our enterprise CA server. Everything is working fine but I'm one step away from making my script have zero user interaction.
I basically modified the following script to contain no parameters and removed the SAN options:
https://www.powershellgallery.com/packages/Request-Certificate/1.5.0
After the following command to create a new request from an .inf file, I get a popup window:
Invoke-Expression -Command "certreq -new `"$inf`" `"$req`""
Machine context template conflicts with user context.
When I click OK, everything works fine. A new request gets created and the rest of the script works fine. But I can't find a way to click "OK" programmatically.
The certreq tool does have the -q (to suppress interactive prompts) and -f (to force/bypass things) switches, but neither of those works:
certreq -new -q $inf $req
or using both -q and -f results in:
Active Directory Enrollment Policy
{<GUID>}
ldap:
Machine context template conflicts with user context.
Certificate Request Processor: The specified role was not configured for the application 0x8004e00c (-2147164148 CONTEXT_E_ROLENOTFOUND)
I am pretty much stuck here. Any help would be appreciated!
The problem is that the template is of kind Computer and not User. That means the request should be created in the context of the computer account. This means you must run the script as SYSTEM, Administrator or any other account allowed to identify as the Computer.
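One way to turn the answer above into an unattended request, as an added example (not code from the question or the answer): the function refuses to run unless the process is SYSTEM or an elevated administrator, writes a machine-context INF (MachineKeySet = TRUE), and calls certreq.exe with its documented -machine and -q switches instead of building a command string for Invoke-Expression. The template name, subject, file names and the optional CA config string are placeholders the caller supplies.

```powershell
# Added example; assumes a computer template the machine account may enroll for.
function Test-MachineContext {
    # SYSTEM is S-1-5-18; otherwise the token must be an elevated administrator,
    # which is what the answer requires for a Computer-kind template.
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    if ($id.User.Value -eq 'S-1-5-18') { return $true }
    $principal = New-Object System.Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-MachineCertRequest {
    param(
        [Parameter(Mandatory)][string]$Template,   # e.g. the template's CN (placeholder)
        [Parameter(Mandatory)][string]$Subject,    # e.g. "CN=host.example.local" (placeholder)
        [string]$CAConfig,                         # optional "CAHost\CAName"; omit if only one CA
        [string]$WorkDir = $env:TEMP
    )
    if (-not (Test-MachineContext)) {
        throw "Template '$Template' is a Computer template: run this as SYSTEM or an elevated administrator."
    }
    $inf = Join-Path $WorkDir 'request.inf'
    $req = Join-Path $WorkDir 'request.req'
    $cer = Join-Path $WorkDir 'request.cer'

    # Backticks keep `$Windows NT`$ literal inside the double-quoted here-string.
    @"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "$Subject"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path $inf -Encoding ASCII

    # -machine selects the local machine context, -q suppresses the prompts.
    & certreq.exe -new -machine -q $inf $req
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

    $submitArgs = @('-submit', '-machine', '-q')
    if ($CAConfig) { $submitArgs += @('-config', $CAConfig) }
    & certreq.exe @submitArgs $req $cer
    if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed with exit code $LASTEXITCODE" }

    # Install the issued certificate into the machine store next to its private key.
    & certreq.exe -accept -machine -q $cer
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }

    return $cer
}

# Usage (as SYSTEM via a scheduled task, or from an elevated prompt):
# New-MachineCertRequest -Template 'MyComputerTemplate' -Subject 'CN=host.example.local'
```

If the template requires CA manager approval, -submit returns a pending status and -accept must be run later with the retrieved certificate; the exit-code checks above surface that case rather than hiding it behind a dialog.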