You can use CertReq.exe to request certificates from a certification authority (CA) from the command prompt.
The CertReq command options are as follows:
-attrib AttributeString | Attribute name, value string pairs. (See example of AttributeString below.) |
-binary | Output files in binary format instead of Base64-encoded. |
-config ConfigString | Server\CertificationAuthority configuration string. To choose the default, use a single minus sign (-) as the configuration string. |
-rpc | Instructs Certificate Services to use RPC server connection instead of DCOM . |
-retrieve | If you submit a request to the certification authority (CA), the policy module of the CA may leave the request in a pending state and return the RequestId to the certreq caller for display. Eventually, the certification authority's administrator will use the Certification Authority snap-in or an equivalent custom user interface to resubmit the request and issue the certificate, or to deny the request. Certreq -retrieve RequestId may be used to retrieve the certificate after the certificate authority has actually issued it. It also may be used to retrieve any certificate that has ever been issued by the certification authority (even revoked or expired certificates), without regard to whether the certificate's request was ever in the pending state. |
-? | Display usage assistance. |
RequestFile | Base64-encoded or binary input file name. May be a PKCS #10 certificate request, PKCS #7 certificate renewal request, or KeyGen tag format certificate request |
CertFile | Base64-encoded, X-509 output file name |
CertChainFile | Base64-encoded, PKCS #7 output file name |
ConfigString | Server Name and Certification Authority Name, separated by a backslash. |
AttributeString | Name and Value string pairs, separated by a colon. Each pair is separated by \n. For example:
|