Installs Certificate Enrollment Service (CES) instance on a local computer.
Add-CertificateEnrollmentService [[-CAConfig] <String>] [[-Authentication] <String> {UsrPwd | Kerberos | Certificate} ] [[-User] <String>] [[-Password] <SecureString>] [-RenewalOnly] [<CommonParameters>]
Installs Certificate Enrollment Service (CES) instance and configures it to work with specified certification authority. This command supports only Windows Server 2008 R2 and newer operating systems.
Specifies certification authority configuration string in: CAComputerName\CASamitizedName format. CAComputerName may be either DNS or NetBIOS name. If this parameter is omitted, CA selection UI will be displayed during instance installation. If this parameter is omitted, an UI dialog box with CA server selection will be showed.
Required? | False |
Position? | 0 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
Specifies authentication type for communication. Possible values are: Kerberos, UsrPwd or Certificate. Kerberos is used by default.
Required? | False |
Position? | 1 |
Default value | Kerberos |
Accept pipeline input? | false |
Accept wildcard characters? | False |
Sets CES AppPool account name. If this parameter is omitted, ApplicationPoolIdentity account will be used.
Required? | False |
Position? | 2 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
Sets CES service mode to Renewal Only. In that case CES will process certificate renewal requests only. No new certificate requests will be accepted.
Required? | False |
Position? | named |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
Required? | False |
Position? | 3 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
None.
SysadminsLV.PKI.Utils.IServiceOperationResult
Author: Vadims Podans
Blog: https://www.sysadmins.lv
PS C:\> Add-CertificateEnrollmentService
Running command without parameters will cause CA selection UI appearance. You will need to select CA server for CES server. In addition, default Kerberos authentication will be used.
PS C:\> Add-CertificateEnrollmentService -CAConfig CA1\Contoso-CA -Authentication Certificate -User CustomUser -Password CustomPassword
In this example CES server will be configured to CA server with Contoso-CA name and that is hosted on the computer named CA1. CES server will use client certificate for authentication and IIS AppPool will be configured to run under CustomUser account that has CustomPassword password.
Add-CertificateEnrollmentPolicyService
Remove-CertificateEnrollmentService
Remove-CertificateEnrollmentPolicyService