Prerequisites : Powershell Version 5 & Ssl WinRM
We can use this module where we dont have the local certificate server in the same domain or we dont have the ADDS trust with that domain where we have Certificate server for Certificate Auto-Enrollmemt. We have to run this module at the same domain where Certificate server is present. Import PKIMGMT module in any member server. Please note PKIMgmt Module will not work without having Powershell version 5. .Inf , .Req & .Cer files are copied by SSL WinRM & that feather is availabale on Powershell version 5 & onwards. Adjust Global varriables as per your environment. Also you can use WinRM instead of SSL WINRM (Need to remove -usessl switch from that module). Secutiry is completely taken care within this module. There is no use of port 445. Only 5985 & 5986 communications are required .
Note: Change the CA server name & Template name according your environment.
We will get similar output if Renewal is successful.
You need to change the Below Global varriables as per your environmnt & need to download the Zip file for get the complete code.
$Global:securepass = ConvertTo-SecureString -AsPlainText $Global:passpass -Force $Global:Username = Read-Host -Prompt "Input UserID as UPN Format" $Global:mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Global:Username,$Global:securepass $Global:Hostname = Read-Host -Prompt 'Input Server FQDN' $Global:PSLocation = "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PKIMgmt\PKIMgmt.ps1" $Global:SecureWinRMSession = New-PSSession -ComputerName $Global:Hostname -Credential $Global:mycred -UseSSL $Global:PKIServer = "test-CA01.Contoso.com\ContosoIssuingCA" $Global:Tmpl3 = "KerberosAuthentication"
$Global:securepass = ConvertTo-SecureString -AsPlainText $Global:passpass -Force $Global:Username = Read-Host -Prompt "Input UserID as UPN Format" $Global:mycred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $Global:Username,$Global:securepass $Global:Hostname = Read-Host -Prompt 'Input Server FQDN' $Global:PSLocation = "C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PKIMgmt\PKIMgmt.ps1" $Global:SecureWinRMSession = New-PSSession -ComputerName $Global:Hostname -Credential $Global:mycred -UseSSL $Global:PKIServer = "test-CA01.Contoso.com\ContosoIssuingCA" $Global:Tmpl3 = "KerberosAuthentication"
PS C:\Output> gcm -Module PKIMgmt CommandType Name Version Source ----------- ---- ------- ------ Function Export-CertificateStore 0.0 PKIMgmt Function Get-Pax 0.0 PKIMgmt Function Get-RDPSslBind 0.0 PKIMgmt Function Import-CertificateStore 0.0 PKIMgmt Function Recover-Certificate 0.0 PKIMgmt Function Set-DCCert-Tmpl3 0.0 PKIMgmt Function Test-SslWinRM-DCs 0.0 PKIMgmt
PS C:\Output> gcm -Module PKIMgmt CommandType Name Version Source ----------- ---- ------- ------ Function Export-CertificateStore 0.0 PKIMgmt Function Get-Pax 0.0 PKIMgmt Function Get-RDPSslBind 0.0 PKIMgmt Function Import-CertificateStore 0.0 PKIMgmt Function Recover-Certificate 0.0 PKIMgmt Function Set-DCCert-Tmpl3 0.0 PKIMgmt Function Test-SslWinRM-DCs 0.0 PKIMgmt
SST : Microsoft serialized certificate store
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.