Historical Content Alert

This is a historical content for Windows 2000 product and is presented for informative purposes only. All content on this page is copyrighted and owned by Microsoft.


You can use CertReq.exe to request certificates from a certification authority (CA) from the command prompt.


CertReq [-rpc] [-binary] [-config ConfigString] [-attrib AttributeString] [RequestFile [Certfile[CertChainFile]]]
CertReq -retrieve [-rpc] [-binary] [-config ConfigString] [RequestId [Certfile [CertChainFile]]]
CertReq -?

The CertReq command options are as follows:

-attrib AttributeString Attribute name, value string pairs. (See example of AttributeString below.)
-binary Output files in binary format instead of Base64-encoded.
-config ConfigString Server\CertificationAuthority configuration string. To choose the default, use a single minus sign (-) as the configuration string.
-rpc Instructs Certificate Services to use RPC server connection instead of DCOM .
-retrieve If you submit a request to the certification authority (CA), the policy module of the CA may leave the request in a pending state and return the RequestId to the certreq caller for display. Eventually, the certification authority's administrator will use the Certification Authority snap-in or an equivalent custom user interface to resubmit the request and issue the certificate, or to deny the request. Certreq -retrieve RequestId may be used to retrieve the certificate after the certificate authority has actually issued it. It also may be used to retrieve any certificate that has ever been issued by the certification authority (even revoked or expired certificates), without regard to whether the certificate's request was ever in the pending state.
-? Display usage assistance.
RequestFile Base64-encoded or binary input file name. May be a PKCS #10 certificate request, PKCS #7 certificate renewal request, or KeyGen tag format certificate request
CertFile Base64-encoded, X-509 output file name
CertChainFile Base64-encoded, PKCS #7 output file name
ConfigString Server Name and Certification Authority Name, separated by a backslash.
AttributeString Name and Value string pairs, separated by a colon. Each pair is separated by \n. For example:

Name1: Value1\n Name2: Value2

Share this article: