How to install the response from a CA programmatically (PowerShell)

Hi all,

The other day a customer of mine was creating an SSL certificate request with IIS Manager (inetmgr.exe), using the "Create Certificate Request..." action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA the same way you do it manually with the "Complete Certificate Request…" action in the Server Certificates section.

The following PowerShell sample does that:

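 # Read the Base64 response as one string (-Raw keeps Get-Content from returning an array of lines)
 $strBase64Response = Get-Content -Raw "C:\Test\Base64.cer"
 $objEnroll = New-Object -ComObject X509Enrollment.CX509Enrollment
 # 0x2 = ContextMachine
 $objEnroll.Initialize(0x2)
 # 0x4 = AllowUntrustedRoot; encoding 0 = Base64 with header; no password
 $objEnroll.InstallResponse(0x4, $strBase64Response, 0, $null)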

Note: the 0x2 value in the Initialize call means ContextMachine, and the 0x4 value in the InstallResponse call means AllowUntrustedRoot, so the response is installed even if its chain ends in a root certificate that the machine does not trust.

Note: you need to run this as an administrator, because the certificate goes to the MY certificate store of the local machine, and by default only administrators can write there.
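
One way to avoid passing AllowUntrustedRoot unconditionally, as an added example that is not part of the original sample: build the chain for the response first, install with no relaxed restrictions when it validates, and confirm afterwards that the certificate landed in the MY store with its private key. The function name Install-CaResponse, its parameters, and the assumption that the file holds a single Base64 X.509 certificate are assumptions of this example.

```powershell
# Added example (not from the original post). Install-CaResponse, -ResponsePath and
# -AllowUntrustedRoot are hypothetical names chosen for illustration.
function Install-CaResponse {
    param(
        [Parameter(Mandatory = $true)] [string] $ResponsePath,
        [switch] $AllowUntrustedRoot
    )

    $path = (Resolve-Path $ResponsePath).Path

    # Parse the response so it can be inspected before anything is installed.
    # Assumption: the file is a single Base64 X.509 certificate, as in the sample above.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

    # Build the chain in the machine context ($true), matching ContextMachine below.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $trusted = $chain.Build($cert)

    if (-not $trusted) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $AllowUntrustedRoot) {
            throw "Chain validation failed for $($cert.Subject): $status"
        }
        Write-Warning "Installing $($cert.Thumbprint) despite chain errors: $status"
    }

    # 0x0 = AllowNone when the chain validated, 0x4 = AllowUntrustedRoot only on explicit request.
    $restriction = if ($trusted) { 0x0 } else { 0x4 }

    $enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
    $enroll.Initialize(0x2)   # ContextMachine
    $enroll.InstallResponse($restriction, (Get-Content -Raw $path), 0, $null)

    # Confirm the certificate is in LocalMachine\My and bound to the pending request's key.
    $installed = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if (-not $installed -or -not $installed.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) is not in LocalMachine\My with a private key"
    }
    $installed | Select-Object Subject, Issuer, NotAfter, Thumbprint
}

# Usage, from an elevated prompt:
# Install-CaResponse -ResponsePath 'C:\Test\Base64.cer'
```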

I hope this helps.

Regards,

Alex (Alejandro Campos Magencio)