Recently, all Windows XP workstation users within a corporate domain were required to request and install a certificate from the Enterprise Certificate Authority (Active Directory Certificate Services). Typically, the Certificate Manager Management Console snap-in (certmgr.msc) is used to request new certificates, as in the screenshot shown below. So, I was required to automate this process using a script that could be pushed to all the Windows XP workstations and executed.
A tool called certreq.exe enables command-line execution of the steps performed by certmgr.msc. Hence, I developed a simple MS-DOS batch script using certreq.exe to automate the process of requesting new certificates from an Active Directory CA. You may download the ZIP file below to view/use the script:
Download RequestCert.zip
Instructions to use RequestCert.zip:
(1) Unzip RequestCert.zip using WinZip, 7-zip or your favourite decompression software. A directory called RequestCert will be created with the following files:
- RequestCert.bat : This is the MS-DOS batch file that uses certreq.exe to automate the Certificate Request process.
- RequestCert.inf : This is the setup file containing information required by certreq.exe.
- certreq.exe : Microsoft tool (bundled with Windows SDK).
(2) Edit RequestCert.bat and set the value for the variables CA_SERVER (FQDN/IP/hostname of the CA server) and CA_NAME (Name of the CA).
(3) Edit RequestCert.inf and set the value of CertificateTemplate, if required.
(4) Execute RequestCert.bat
NOTE: RequestCert.bat met my requirement which was really basic. You may amend the script and the INF file to automate Certificate Requests for other requirements.
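The certreq.exe sequence that a script like RequestCert.bat has to perform (create the request, submit it, install the result), as an added example that is not the contents of RequestCert.zip. CA_SERVER, CA_NAME and CertificateTemplate are the settings named in steps (2) and (3); their values, the generated INF contents, the CERT_TEMPLATE variable and the file paths are assumptions.

```bat
@echo off
setlocal
rem Added example, not the script shipped in RequestCert.zip.
rem Placeholder values (assumptions): replace with your CA and template.
set "CA_SERVER=ca01.example.local"
set "CA_NAME=Example-Issuing-CA"
set "CERT_TEMPLATE=User"

set "WORK=%TEMP%\RequestCert"
set "INF=%WORK%\RequestCert.inf"
set "REQ=%WORK%\request.req"
set "CER=%WORK%\issued.cer"
if not exist "%WORK%" mkdir "%WORK%"
rem Clear leftovers from an earlier run so certreq writes fresh output files.
del /q "%INF%" "%REQ%" "%CER%" 2>nul

rem Assumed minimal request policy: 2048-bit key, private key not exportable.
>  "%INF%" echo [Version]
>> "%INF%" echo Signature = "$Windows NT$"
>> "%INF%" echo [NewRequest]
>> "%INF%" echo Subject = "CN=%USERNAME%"
>> "%INF%" echo KeyLength = 2048
>> "%INF%" echo Exportable = FALSE
>> "%INF%" echo RequestType = PKCS10
>> "%INF%" echo [RequestAttributes]
>> "%INF%" echo CertificateTemplate = %CERT_TEMPLATE%

rem 1. Generate the key pair and a PKCS #10 request from the INF.
set "STEP=certreq -new"
certreq -new "%INF%" "%REQ%" || goto :fail

rem 2. Submit the request to the CA, addressed as server\CA name.
set "STEP=certreq -submit"
certreq -submit -config "%CA_SERVER%\%CA_NAME%" "%REQ%" "%CER%" || goto :fail
rem No certificate file means nothing was issued (denied or left pending).
if not exist "%CER%" goto :fail

rem 3. Install the issued certificate and bind it to the key from step 1.
set "STEP=certreq -accept"
certreq -accept "%CER%" || goto :fail

echo Certificate installed for %USERDOMAIN%\%USERNAME% on %COMPUTERNAME%.
del /q "%REQ%" "%CER%" 2>nul
exit /b 0

:fail
echo %STEP% did not complete (errorlevel %ERRORLEVEL%). Files kept in "%WORK%".
exit /b 1
```

Run it in the logged-on user's context so the key pair and certificate land in that user's store, which is the store certmgr.msc shows.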