Certificate renewal with Powershell

With the following function, it is possible to renew a Local machine certificate by providing the certificate thumbprint to the function. To simply get a certificate thumbprint, you can run this command:

If you want more information (Subject, Issuer, validity dates and thumbprint) on the certificate listed above, type:

Note that the commands above and below run against the Local Machine certificate store. This is why the first variable ($ContextAdministratorForceMachine) has been set to 0x3: the certificate is being requested by an administrator acting on behalf of a computer.

You can find a full version of this function here (thank you Slogmeister Extraordinaire for your post)
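
The listing and renewal steps described above, as an added example that is not the original post's function. The function names, the choice of inherit options and the Cert:\LocalMachine\My store are assumptions; the constant values other than 0x3 are taken from the CertEnroll enumerations, not from this page.

```powershell
# Added example (not the original post's function). Run elevated on Windows.

# Thumbprint plus Subject, Issuer and validity dates for the Local Machine "My" store.
function Get-MachineCertificateSummary {
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Select-Object Thumbprint, Subject, Issuer, NotBefore, NotAfter
}

function Renew-MachineCertificate {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    # CertEnroll enumeration values.
    $ContextAdministratorForceMachine = 0x3   # administrator acting on behalf of the computer
    $XCN_CRYPT_STRING_BASE64          = 0x1   # base64 without a PEM header
    # Assumption: new key similar to the old one, keep the template, flag as renewal.
    $InheritNewSimilarKey          = 0x2
    $InheritRenewalCertificateFlag = 0x20
    $InheritTemplateFlag           = 0x40
    $X509RequestInheritOptions = $InheritNewSimilarKey -bor
        $InheritRenewalCertificateFlag -bor $InheritTemplateFlag

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character; keep hex digits only before comparing.
    $Wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $Cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Wanted }
    if (-not $Cert) {
        throw "No certificate with thumbprint $Wanted in Cert:\LocalMachine\My"
    }

    # Build the PKCS#10 renewal request from the existing certificate.
    $PKCS10 = New-Object -ComObject X509Enrollment.CX509CertificateRequestPkcs10
    $PKCS10.Silent = $true
    $PKCS10.InitializeFromCertificate($ContextAdministratorForceMachine,
        [System.Convert]::ToBase64String($Cert.RawData),
        $XCN_CRYPT_STRING_BASE64, $X509RequestInheritOptions)
    $PKCS10.Encode()

    # Submit the request and install the issued certificate.
    $Enroll = New-Object -ComObject X509Enrollment.CX509Enrollment
    $Enroll.InitializeFromRequest($PKCS10)
    if ($PSCmdlet.ShouldProcess($Cert.Subject, "Renew certificate $Wanted")) {
        $Enroll.Enroll()
        Write-Output "Renewal submitted for $($Cert.Subject) (expires $($Cert.NotAfter))"
    }
}
```

Calling `Renew-MachineCertificate -Thumbprint <thumbprint> -WhatIf` builds and encodes the request without submitting it.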


2 thoughts on “Certificate renewal with Powershell”

  • February 28, 2019 at 11:58

    Hi,

    I am trying to use your code on Windows Server 2008 and 2012 to renew a self-signed certificate in the location:
    “cert:\LocalMachine\Remote Desktop\”, but am getting the following error:

    Exception calling “InitializeFromCertificate” with “4” argument(s): “CertEnroll::CX509CertificateRequestCertificate::InitializeFromCertificate: Cannot find object or property. 0x80092004 (-2146885628)”
    At C:\Monitoring_DoNotRemove\CertificateRenewal\CertificateRenawal.ps1:59 char:35
    + $PKCS10.InitializeFromCertificate <<<< ($ContextAdministratorForceMachine, $strCertificate, $XCN_CRYPT_STRING_BASE64, $X509RequestInheritOptions)
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ComMethodTargetInvocation

    After trying to initialize the certificate

    $strCertificate=[System.Convert]::ToBase64String($Cert.RawData)

    #$PKCS10.InitializeFromCertificate($ContextAdministratorForceMachine,[System.Convert]::ToBase64String($Cert.RawData), $XCN_CRYPT_STRING_BASE64, $X509RequestInheritOptions)

    $PKCS10.InitializeFromCertificate($ContextAdministratorForceMachine, $strCertificate, $XCN_CRYPT_STRING_BASE64, $X509RequestInheritOptions)

    I really need this to be working as the Windows command line alternative is poor.

    Appreciate a lot any answer.

    Cheers

    M.

    • June 14, 2019 at 06:28

      Hello,

      I have to test your case using self signed certificate. Tell me if you still need this script.

      Regards
