Scripting of PFX certificates installation to multiple systems

    I am working on a script to install PFX certificates to multiple systems. During my development phase, I have not been able to get past the import to a specific system yet. For the posting of this question, I have removed unique system names. Below is what I am seeing. The Certmgr portion runs properly & imports. The winhttpcertcfg portion sees the certificate & reads the unique information out of it, but does not import it. I would appreciate any assistance.


    C:\Utils>certins2.bat 172.16.98.125
    ftp> open 172.16.98.125
    Connected to 172.16.98.125.
    220 Microsoft FTP Service
    ftp> user administrator fakepassword
    331 Password required for administrator.
    230 User administrator logged in.
    ftp> cd \utils
    250 CWD command successful.
    ftp> bin
    200 Type set to I.
    ftp> put certmgr.xp.exe
    200 PORT command successful.
    150 Opening BINARY mode data connection for certmgr.xp.exe.
    226 Transfer complete.
    ftp: 75112 bytes sent in 0.41Seconds 184.55Kbytes/sec.
    ftp> put WinHttpCertCfg.exe
    200 PORT command successful.
    150 Opening BINARY mode data connection for winhttpcertcfg.exe.
    226 Transfer complete.
    ftp: 15360 bytes sent in 0.00Seconds 15360000.00Kbytes/sec.
    ftp> put psexec.exe
    200 PORT command successful.
    150 Opening BINARY mode data connection for psexec.exe.
    226 Transfer complete.
    ftp: 224048 bytes sent in 1.27Seconds 177.11Kbytes/sec.
    ftp> put certificate.crt
    200 PORT command successful.
    150 Opening BINARY mode data connection for fake.crt.
    226 Transfer complete.
    ftp: 874 bytes sent in 0.00Seconds 874000.00Kbytes/sec.
    ftp> put certificate.pfx
    200 PORT command successful.
    150 Opening BINARY mode data connection for fake.pfx.
    226 Transfer complete.
    ftp: 2040 bytes sent in 0.00Seconds 2040000.00Kbytes/sec.
    ftp> put cert.ipf
    200 PORT command successful.
    150 Opening BINARY mode data connection for cert.ipf.
    226 Transfer complete.
    ftp: 1054 bytes sent in 0.00Seconds 1054000.00Kbytes/sec.
    ftp> close
    221
    ftp> quit
    PsExec v1.73 - Execute processes remotely
    Copyright (C) 2001-2006 Mark Russinovich
    Sysinternals - www.sysinternals.com

    CertMgr Succeeded
    c:\utils\certmgr.xp.exe exited on 172.16.98.125 with error code 0.
    PsExec v1.73 - Execute processes remotely
    Copyright (C) 2001-2006 Mark Russinovich
    Sysinternals - www.sysinternals.com

    Microsoft (R) WinHTTP Certificate Configuration Tool
    Copyright (C) Microsoft Corporation 2001.
    Imported certificate:
    OU=99999999
    O=My Company
    L=Somewhere
    S=Some State
    C=US
    CN=Unique Certificate Name

    Granting private key access for account:
    SYSTEM-NAME\Administrator
    c:\utils\WinHttpCertCfg.exe exited on 172.16.98.125 with error code 0.
    C:\Utils>


    Here is the batch script that I wrote to accomplish the task. The %1x is the IP address.

    @echo off
    rem Usage: certins ipaddr   (%1 is the target IP address)
    if %1x==x goto error
    rem Build a per-target FTP command script that uploads the tools and certificate files.
    echo open %1 > ftp%1.scr
    echo user administrator password >> ftp%1.scr
    echo cd \utils >> ftp%1.scr
    echo bin >> ftp%1.scr
    echo put certmgr.xp.exe >> ftp%1.scr
    echo put WinHttpCertCfg.exe >> ftp%1.scr
    echo put psexec.exe >> ftp%1.scr
    rem File names match the ones the psexec commands below reference.
    echo put certificate.crt >> ftp%1.scr
    echo put certificate.pfx >> ftp%1.scr
    echo put cert.ipf >> ftp%1.scr
    echo close >> ftp%1.scr
    echo quit >> ftp%1.scr
    ftp -n -s:ftp%1.scr
    rem Add the .crt to the local machine Root store on the target.
    psexec \\%1 -u administrator -p password -i -n 30 c:\utils\certmgr.xp.exe /add /c "c:\utils\certificate.crt" /s /r localmachine root
    rem Import the .pfx into LOCAL_MACHINE\My and grant the administrator account access to the private key.
    psexec \\%1 -u administrator -p password -n 30 c:\utils\WinHttpCertCfg.exe -i "c:\utils\certificate.pfx" -c LOCAL_MACHINE\My -a administrator -p password
    goto :eof
    :error
    echo.
    echo You need to specify the target IP address.
    echo.
    echo Syntax: certins ipaddr
    echo.
    goto :eof
    Last edited by jtashmore; 27th November 2009, 19:46. Reason: Updated to include more information
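
Added example (not part of the original post or the poster's script): when the batch file is run against several systems, the captured output can be checked per host for each tool's PsExec exit code and the success lines shown in the transcript above. The sample log and the second address (192.0.2.10) are constructed, and the check covers only what the tools print, not the contents of the certificate store.

```python
import re

# Constructed sample: captured output for two targets. The second host
# (192.0.2.10, a constructed address) shows WinHttpCertCfg failing.
SAMPLE_LOG = """\
CertMgr Succeeded
c:\\utils\\certmgr.xp.exe exited on 172.16.98.125 with error code 0.
Microsoft (R) WinHTTP Certificate Configuration Tool
Imported certificate:
CN=Unique Certificate Name
Granting private key access for account:
SYSTEM-NAME\\Administrator
c:\\utils\\WinHttpCertCfg.exe exited on 172.16.98.125 with error code 0.
CertMgr Succeeded
c:\\utils\\certmgr.xp.exe exited on 192.0.2.10 with error code 0.
Microsoft (R) WinHTTP Certificate Configuration Tool
c:\\utils\\WinHttpCertCfg.exe exited on 192.0.2.10 with error code 1.
"""

# PsExec's closing line for each remote process, as it appears in the transcript.
EXIT_RE = re.compile(r"^(?P<exe>\S+) exited on (?P<host>\S+) with error code (?P<code>-?\d+)\.$")
# Lines each tool prints on success, taken from the transcript.
MARKERS = {
    "certmgr.xp.exe": ["CertMgr Succeeded"],
    "winhttpcertcfg.exe": ["Imported certificate:", "Granting private key access for account:"],
}

def summarize(log):
    """Return {host: [problem, ...]}; an empty list means every step reported success."""
    problems, seen = {}, {}
    pending = []  # output lines collected since the previous "exited on" line
    for line in (raw.strip() for raw in log.splitlines()):
        m = EXIT_RE.match(line)
        if not m:
            pending.append(line)
            continue
        tool = m["exe"].rsplit("\\", 1)[-1].lower()
        host = m["host"]
        seen.setdefault(host, set()).add(tool)
        issues = problems.setdefault(host, [])
        if int(m["code"]) != 0:
            issues.append(f"{tool}: exit code {m['code']}")
        for marker in MARKERS.get(tool, []):
            if marker not in pending:
                issues.append(f"{tool}: missing '{marker}'")
        pending = []
    for host, tools in seen.items():  # a tool that never reported for a host
        for tool in sorted(MARKERS.keys() - tools):
            problems[host].append(f"{tool}: never ran")
    return problems
```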