Comments on this page are supposed to improve article content and no technical support is provided. For technical questions, please visit project home page at: https://github.com/Crypt32/PSPKI

Add-CertificateEnrollmentService

[This command is not available in non-domain environments]

[This command requires installed Remote Server Administration Tools (RSAT)]

Add-CertificateEnrollmentService

Synopsis

Installs Certificate Enrollment Service (CES) instance on a local computer.

Syntax

Add-CertificateEnrollmentService [[-CAConfig] <String>] [[-Authentication] <String> {UsrPwd | Kerberos | Certificate} ] [[-User] <String>] [[-Password] <String>] [-RenewalOnly] [<CommonParameters>]

Description

Installs Certificate Enrollment Service (CES) instance and configures it to work with specified certification authority. This command supports only Windows Server 2008 R2 and newer operating systems.

Parameters

-CAConfig <String>

Specifies certification authority configuration string in: CAComputerName\CASamitizedName format. CAComputerName may be either DNS or NetBIOS name. If this parameter is omitted, CA selection UI will be displayed during instance installation. If this parameter is omitted, an UI dialog box with CA server selection will be showed.

Required? False
Position? 0
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-Authentication <String>

Specifies authentication type for communication. Possible values are: Kerberos, UsrPwd or Certificate. Kerberos is used by default.

Required? False
Position? 1
Default value Kerberos
Accept pipeline input? false
Accept wildcard characters? False

-User <String>

Sets CES AppPool account name. If this parameter is omitted, ApplicationPoolIdentity account will be used.

Required? False
Position? 2
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-Password <String>

Sets CES AppPool account password.

Required? False
Position? 3
Default value  
Accept pipeline input? false
Accept wildcard characters? False

-RenewalOnly <SwitchParameter>

Sets CES service mode to Renewal Only. In that case CES will process certificate renewal requests only. No new certificate requests will be accepted.

Required? False
Position? named
Default value  
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

None.

Outputs

None.

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Add-CertificateEnrollmentService

Running command without parameters will cause CA selection UI appearance. You will need to select CA server for CES server. In addition, default Kerberos authentication will be used.

Example 2

PS C:\> Add-CertificateEnrollmentService -CAConfig CA1\Contoso-CA -Authentication Certificate -User CustomUser -Password CustomPassword

In this example CES server will be configured to CA server with Contoso-CA name and that is hosted on the computer named CA1. CES server will use client certificate for authentication and IIS AppPool will be configured to run under CustomUser account that has CustomPassword password.

Related links

Add-CertificateEnrollmentPolicyService
Remove-CertificateEnrollmentService
Remove-CertificateEnrollmentPolicyService

PowerShell Support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2008 R2 all editions

Comments:

Captcha