Sysadmins LV
Vadims Podāns
Vadims Podāns
  • I work at
PKI Solutions
Microsoft Most Valuable Professional: Windows PowerShell
Protected by Copyscape DMCA Takedown Notice Search Tool
This page is retired and no longer updated. Project documentation and download links are moved to their new home: PowerShell PKI Module.
This command is not available in non-domain environments
This command requires installed Remote Server Administration Tools (RSAT)

Add-CertificateEnrollmentService

Synopsis

Installs Certificate Enrollment Service (CES) instance on a local computer.

Syntax

Add-CertificateEnrollmentService [[-CAConfig] <String>] [[-Authentication] <String> {UsrPwd | Kerberos | Certificate} ] [[-User] <String>] [[-Password] <SecureString>] [-RenewalOnly] [<CommonParameters>]

Description

Installs Certificate Enrollment Service (CES) instance and configures it to work with specified certification authority. This command supports only Windows Server 2008 R2 and newer operating systems.

Parameters

-CAConfig <String>

Specifies certification authority configuration string in: CAComputerName\CASamitizedName format. CAComputerName may be either DNS or NetBIOS name. If this parameter is omitted, CA selection UI will be displayed during instance installation. If this parameter is omitted, an UI dialog box with CA server selection will be showed.

Required? False
Position? 0
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Authentication <String>

Specifies authentication type for communication. Possible values are: Kerberos, UsrPwd or Certificate. Kerberos is used by default.

Required? False
Position? 1
Default value Kerberos
Accept pipeline input? false
Accept wildcard characters? False

-User <String>

Sets CES AppPool account name. If this parameter is omitted, ApplicationPoolIdentity account will be used.

Required? False
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? False

-RenewalOnly <SwitchParameter>

Sets CES service mode to Renewal Only. In that case CES will process certificate renewal requests only. No new certificate requests will be accepted.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

-Password <SecureString>

Required? False
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

None.

Outputs

SysadminsLV.PKI.Utils.IServiceOperationResult

Notes

Author: Vadims Podans
Blog: https://www.sysadmins.lv

Examples

Example 1

PS C:\> Add-CertificateEnrollmentService

Running command without parameters will cause CA selection UI appearance. You will need to select CA server for CES server. In addition, default Kerberos authentication will be used.

Example 2

PS C:\> Add-CertificateEnrollmentService -CAConfig CA1\Contoso-CA -Authentication Certificate -User CustomUser -Password CustomPassword

In this example CES server will be configured to CA server with Contoso-CA name and that is hosted on the computer named CA1. CES server will use client certificate for authentication and IIS AppPool will be configured to run under CustomUser account that has CustomPassword password.

Related links

Add-CertificateEnrollmentPolicyService
Remove-CertificateEnrollmentService
Remove-CertificateEnrollmentPolicyService

Minimum PowerShell version support

  • PowerShell 3.0

Operating System Support

  • Windows Server 2008 R2 all editions
Share this article: