
0 Votes
NicholasTalbot-2653 asked RichMatheisen-8856 answered

PowerShell Certificate Import From RootCA

With the GUI I just use MMC \ Certificates, do an import, and point to my AD-integrated certificate for LDAPS. How can I accomplish this with PowerShell?

I am trying this to no avail:

Get-Certificate -Template ldaps -CertStoreLocation cert:\localmachine\MY -Credential $cred -Url http://rootca/certsrv

Error:

 Get-Certificate : CX509EnrollmentPolicyWebService::Initialize: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER). This may be the result of user credentials being required on the remote machine. See Enable-WSManCredSSP Cmdlet help on
 how to enable and use CredSSP for delegation with PowerShell remoting.
 At line:1 char:1
 + Get-Certificate -Template Computerv2 -CertStoreLocation cert:\localma ...
 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : NotSpecified: (:) [Get-Certificate], Exception
     + FullyQualifiedErrorId : RemotingFailure,Microsoft.CertificateServices.Commands.GetCertificateCommand



windows-server-powershell windows-server-2019

1 Answer

0 Votes
RichMatheisen-8856 answered

I would definitely not follow the advice given in that error message and enable the use of CredSSP -- unless you want your user-id and password to be given away. CredSSP just does a simple Base64 conversion of those values. That's hardly what I'd call "encryption".

What credentials are you providing in the $cred variable? Whatever they are, the "rootca" machine (in the URL) implies that they are insufficient.

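A request that needs neither CredSSP nor an explicit -Credential, as an added example that is not part of the original thread. It assumes an elevated session on a domain-joined server whose computer account has Enroll rights on the ldaps template, and it uses the machine's configured enrollment policy instead of a -Url; the checks at the end are illustrative.

```powershell
# Added example, not code from the thread. Assumptions: elevated session on a
# domain-joined server whose computer account can enroll in the template.
$templateName = 'ldaps'                  # template name taken from the question
$store        = 'Cert:\LocalMachine\My'
$serverAuth   = '1.3.6.1.5.5.7.3.1'      # Server Authentication EKU OID

# No -Url and no -Credential: the request goes to the machine's configured
# enrollment policy as the computer account, so no user password is handed
# to another host and CredSSP delegation is not needed.
$result = Get-Certificate -Template $templateName -CertStoreLocation $store -ErrorAction Stop

if ($result.Status -ne 'Issued') {
    throw "Request was not issued (status: $($result.Status)); check the CA for a pending request."
}

# Re-read the certificate from the store so the certificate provider's
# EnhancedKeyUsageList and DnsNameList properties are available.
$cert = Get-Item -Path "$store\$($result.Certificate.Thumbprint)"
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Report the properties an LDAPS certificate has to satisfy.
[pscustomobject]@{
    Thumbprint     = $cert.Thumbprint
    Subject        = $cert.Subject
    NotAfter       = $cert.NotAfter
    HasPrivateKey  = $cert.HasPrivateKey
    ServerAuthEku  = $cert.EnhancedKeyUsageList.ObjectId -contains $serverAuth
    NameCoversFqdn = $cert.DnsNameList.Unicode -contains $fqdn
}
```

Any False value in the output means the issued certificate is unlikely to be usable for LDAPS and the template settings should be reviewed on the CA.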