Add-CertificateEnrollmentPolicyService
Synopsis
Installs Certificate Enrollment Policy Service (CEP) instance on a local computer.
Syntax
Add-CertificateEnrollmentPolicyService [[-Authentication] <String> {UsrPwd | Kerberos | Certificate} ] [[-Thumbprint] <String>] [<CommonParameters>]
Description
Installs Certificate Enrollment Policy Service (CEP) instance an a local computer and configures IIS web application. This command supports only Windows Server 2008 R2 and newer operating systems.
Parameters
-Authentication <String>
Specifies authentication type for communication. Possible values are: Kerberos, UsrPwd or Certificate. Kerberos is used by default.
Required? | False |
Position? | 0 |
Default value | Kerberos |
Accept pipeline input? | false |
Accept wildcard characters? | False |
-Thumbprint <String>
Specifies SSL certificate thumbprint. If this parameter is omitted, the command will try to enroll for a new SSL certificate from an Enterprise CA. The command will attempt to enroll for a certificate based on either, 'Computer' (if the local computer is member server) or 'Domain Controller' (if the local computer is domain controller) certificate template.
Required? | False |
Position? | 1 |
Default value | |
Accept pipeline input? | false |
Accept wildcard characters? | False |
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
Inputs
None.
Outputs
SysadminsLV.PKI.Utils.IServiceOperationResult
Notes
Examples
Example 1
PS C:\> Add-CertificateEnrollmentPolicyService
Running the command without parameters, will install the Certificate Enrollment Policy Service instance with the default Kerberos authentication. If no valid SSL certificate is found, the new one will be requested and assigned for CEP service.
Example 2
PS C:\> Add-CertificateEnrollmentPolicyService -Authentication Certificate -Thumbprint "D485FFFD6C2CBC161667087B3209CCD765A32544"
In this example CEP server will be configured to use Certificate authentication. In addition, IIS Default Web Site will be configured to use SSL certificate with thumbprint 'D485FFFD6C2CBC161667087B3209CCD765A32544'. The certificate must be stored in LocalMachine store and have a private key.
Related links
Add-CertificateEnrollmentService
Remove-CertificateEnrollmentService
Remove-CertificateEnrollmentPolicyService
Minimum PowerShell version support
- PowerShell 3.0
Operating System Support
- Windows Server 2008 R2 all editions