Retired Microsoft Blog disclaimer

This directory is a mirror of retired "Decrypt My World" MSDN blog and is provided as is. All posting authorship and copyrights belong to respective authors.
Original URL:
Post name: How to install the response from a CA programmatically (PowerShell)
Original author: Alejandro Campos Magencio
Posting date: 2012-04-27T05:19:36+00:00

Hi all,

The other day a customer of mine was creating a SSL certificate request with IIS Manager (inetmgr.exe) with "Create Certificate Request..." action in the Server Certificates section. He was sending that request to a Certificate Authority, and he wanted to programmatically install the .cer file with the response from the CA the same way you do it manually with "Complete Certificate Request…" action in the Server Certificates section.

The following Powershell sample does that:

$strBase64Response = get-content "C:\Test\Base64.cer"
 $objEnroll = New-Object -ComObject X509Enrollment.CX509enrollment
 $objEnroll.InstallResponse(0x4, $strBase64Response, 0, $null)


Note: the 0x2 value in Initialize call means ContextMachine, and the 0x4 value in InstallResponse call means AllowUntrustedRoot.

Note: you need to run this with an administrator, as the cert will go to the MY certificate store of the local machine, and only admin users have access to write in there by default.

I hope this helps.



Alex (Alejandro Campos Magencio)

Share this article:


Comments are closed.