Create PFX certificates for a couple of hundred machines that don't belong to any domain you trust, or that just belong to a workgroup ... So, since I hate doing the same thing more than 2 times, I did this:
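# Bulk-issue PFX certificates for agents in a workgroup or an untrusted domain.
# For every host name in Agent-List.txt the script writes a certreq INF,
# requests a certificate from $CAName, installs it in the local machine store,
# exports it with its private key to <agent>.pfx and removes it from the store.
#
# Handling notes:
#  - The private keys are generated on this machine and leave it inside the
#    PFX files, so the working directory and whatever carries the files to the
#    agents should be access-restricted, and the PFX files removed once they
#    have been imported on the agents.
#  - Every PFX shares $CertPassword, and the password is handed to certutil as
#    a command-line argument, where process listings and command-line logging
#    can see it. Replace the placeholder with a strong value and do not keep
#    the real password in a stored copy of this script.
$CAName = 'CA-SERVER.DOMAIN\DOMAIN-CA'
$CertPassword = 'YourCertificaPassword'
$CertTemplate = 'YourCAOpsMgrTemplate'
# RSA key size written to the INF. 1024-bit RSA is no longer regarded as
# adequate, so 2048 is used; the certificate template must allow this size.
$KeyLength = 2048

Set-Location C:\tmp\SCOM_CERTS\

foreach ($line in (Get-Content Agent-List.txt))
{
    # Skip blank lines: an empty name would produce a request with an empty CN
    # and point the cleanup below at '.inf', '.req', ...
    $agent = "$line".Trim()
    if ($agent -eq '') { continue }

    $inffile = $agent + '.inf'
    $reqfile = $agent + '.req'
    $certfile = $agent + '.cer'
    $pfxname = $agent + '.pfx'

    # Clear leftovers from an earlier run so certreq does not stop to ask about
    # overwriting. Only this agent's own files are named: a wildcard such as
    # 'srv1.*' would also delete 'srv1.example.com.pfx' belonging to another
    # agent. The .rsp entry covers the response file certreq -Submit may leave
    # next to the certificate.
    foreach ($stale in @($inffile, $reqfile, $certfile, $pfxname, ($agent + '.rsp')))
    {
        if (Test-Path -LiteralPath $stale) { Remove-Item -LiteralPath $stale -Force }
    }

    # Out-File uses the same encoding as the '>' redirection.
    @(
        '[NewRequest]'
        'Subject="CN=' + $agent + '"'
        'Exportable=TRUE'
        'KeyLength=' + $KeyLength
        'MachineKeySet=TRUE'
        'FriendlyName="' + $agent + '"'
        '[RequestAttributes]'
        'CertificateTemplate="' + $CertTemplate + '"'
    ) | Out-File -FilePath $inffile

    # Each step is checked before the next one runs. Without the checks a failed
    # request would still reach the export and the store deletion below, which
    # select a certificate by name only.
    certreq -New $inffile $reqfile
    if ($LASTEXITCODE -ne 0)
    {
        Write-Warning ("certreq -New failed for " + $agent + ", skipping")
        continue
    }

    certreq -Submit -config $CAName $reqfile $certfile
    # A request left pending on the CA produces no certificate file.
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $certfile))
    {
        Write-Warning ("No certificate was issued for " + $agent + ", skipping")
        continue
    }

    certreq -accept $certfile
    if ($LASTEXITCODE -ne 0)
    {
        Write-Warning ("certreq -accept failed for " + $agent + ", skipping")
        continue
    }

    certutil -exportpfx -p $CertPassword $agent $pfxname "NoChain,NoRoot"
    if ($LASTEXITCODE -ne 0)
    {
        Write-Warning ("PFX export failed for " + $agent)
    }

    # The certificate was installed only so it could be exported; take it (and
    # its key) back out of the machine store whether or not the export worked.
    # NOTE(review): the certificate is selected by name - confirm no other
    # certificate in this store carries the same CN as an agent.
    certutil -delstore my $agent
    Remove-Item $inffile,$reqfile,$certfile
}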
Have fun! :)