To issue the Enrollment Agent certificate, run the IndeedCM.CertEnroll.MsCA.exe utility with /e <service username> <Password> parameter as local administrator.
<service username> – is the name of service account to use with certification authorities (serviceca),
CA: 2016ca.demo.local\DemoMSCA
Certificate has been enrolled successfully.
If the certificate request is to be approved by CA operator, then the utility prompts to acknowledge the request and continue with specification of the request ordinal number and the name of key container:
CA: 2016ca.demo.local\DemoMSCA
Certificate request is pending.
Request id: 27
Container name: lr-EnrollmentAgent-175d9490-7481-4a29-b567-503d39747354
Please accept request and then install certificate.
After the request is approved, you need to execute a command to install the certificate into storage.
To do so, run the IndeedCM.CertEnroll.MsCA.exe utility with /i <service username> <password><requestId> <containerName> parameter, where:
service username – имя сервисной учетной записи для работы с центрами сертификации (serviceca)
password – пароль сервисной учетной записи
requestId – порядковый номер запроса на сертификат
CA: 2016ca.demo.local\DemoMSCA
Certificate has been installed successfully.
As a result of the utility execution, an Enrollement Agent certificate should appear in the certificate storage of the PC where the Indeed CM server is installed. The said certificate features an exportable private key and configured rights to manage the private key of service user account. You can also specify the certificate template name (/t parameter) and certification authority (/c) to address (if there are several of them deployed). Default template name is Enrollment Agent. Templates with any names are supported, provided that the latter feature Extended Key UsageCertificate Request Agent.
Example:
IndeedCM.CertEnroll.MsCA.exe /e service password /t=”CopyEnrollmentAgent” /c=”WS2008R2.demo.local\Indeed-CA”