Certificate

列出來自 CA certutil 或 certreq 的所有可用模板

  • September 10, 2021

我需要通過命令行申請證書我已經調查過certreq是可以申請證書的工具。

我習慣於 gui 通過選擇可用模板之一來請求證書,但我需要通過命令行執行相同的操作。

關於如何實現這一目標的任何想法?

如果要顯示由友好的 Active Directory 證書服務 CA 提供的證書模板列表(在命令行中),請使用certutil -CATemplates.

C:\Windows\system32>certutil -CATemplates
DirectoryEmailReplication: Directory Email Replication -- Auto-Enroll: Access is denied.
DomainControllerAuthentication: Domain Controller Authentication -- Auto-Enroll: Access is denied.
KerberosAuthentication: Kerberos Authentication -- Auto-Enroll: Access is denied.
EFSRecovery: EFS Recovery Agent -- Auto-Enroll: Access is denied.
EFS: Basic EFS -- Auto-Enroll: Access is denied.
DomainController: Domain Controller -- Auto-Enroll: Access is denied.
WebServer: Web Server -- Auto-Enroll: Access is denied.
Machine: Computer -- Auto-Enroll: Access is denied.
User: User -- Auto-Enroll: Access is denied.
SubCA: Subordinate Certification Authority -- Auto-Enroll: Access is denied.
Administrator: Administrator -- Auto-Enroll: Access is denied.
CertUtil: -CATemplates command completed successfully.

獎金,它還告訴您目前是否有權註冊每個特定模板。

要註冊其中一個證書模板,請使用:

certreq -enroll -q WebServer

-q參數禁止所有互動式對話框,使其成為純命令行體驗。

引用自:https://serverfault.com/questions/761433