Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To issue the Enrollment Agent certificate, run the IndeedCM.CertEnroll.MsCA.exe utility with /e <service username> <Password> parameter as local administrator.

  • <service username> – is the name of service account to use with certification authorities (serviceca),
  • <Password><Password> – is the password of that account.
Info
iconfalse
titleExample:

IndeedCM.CertEnroll.MsCA.exe /e serviceca password1p@ssw0rd

The result should be like that:

Code Block
languagepowershell
CA: 2016camsca.demo.local\DemoMSCAIndeed-Demo-CA
Certificate has been enrolled successfully.

If the certificate request is to be approved by CA operator, then the utility prompts to acknowledge the request and continue with specification of the request ordinal number and the name of key container:

Code Block
languagepowershell
CA: 2016camsca.demo.local\DemoMSCAIndeed-Demo-CA
Certificate request is pending.
Request id: 27
Container name: lr-EnrollmentAgent-175d9490-7481-4a29-b567-503d39747354
Please accept request and then install certificate.

To do so, run the IndeedCM.CertEnroll.MsCA.exe utility with /i <service username> <password><requestId> <containerName> parameter, where:After the request is approved, you need to execute a command to install the certificate into storage.

  • service username – is the name of service account to use with certification authorities (serviceca)
  • password – is the password of the said account
  • requestId – is the ordinal number of the certificate request
  • containerName – is the name of key container
Scroll Pagebreak
Info
iconfalse
titleExample:

IndeedCM.CertEnroll.MsCA.exe /i serviceca password1 p@ssw0rd 27 lr-EnrollmentAgent-175d9490-7481-4a29-b567-503d39747354

The result should be like that:

Code Block
languagepowershell
CA: 2016camsca.demo.local\DemoMSCAIndeed-Demo-CA
Certificate has been installed successfully.

As a result of the utility execution, an Enrollement Agent certificate should appear in the certificate storage of the PC where the Indeed CM server is installed. The said certificate features an exportable private key and configured rights to manage the private key of service user account.

You can also specify the certificate template name (/t parameter) and certification authority (/c) to address (if there are several of them deployed). Default template name is Enrollment Agent. Templates with any names are supported, provided that the latter feature Extended Key Usage Certificate Request Agent.

Info
iconfalse
titleExample:

IndeedCM.CertEnroll.MsCA.exe /e service password serviceca p@ssw0rd /t=”CopyEnrollmentAgent” ”IndeedEnrollmentAgent” /c=”WS2008R2”msca.demo.local\Indeed-Demo-CA”