Exportovat (0) Tisk
Rozbalit vše
Arp
At
Cd
Cls
Cmd
Del
Dir
Fc
For
Ftp
If
Ldp
Lpq
Lpr
Md
Mmc
Msg
Nlb
Rcp
Rd
Reg
Rem
Ren
Rsh
Rsm
Rss
Sc
Set
Sfc
Ver
Vol
Expand Minimize

Certreq

Aktualizováno: duben 2012

Rozsah platnosti: Windows Server 2008, Windows Vista

Certreq can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request.

For examples of how to use this command, see Examples.

Certreq [-submit] [-retrieve RequestID] [-new] [-accept] [-policy]
[-sign] [-attrib AttributeString] [-binary]
[-config CAMachineName\CAName] [-crl] [-rpc] [-cert CertID]
[RequestFileIn | CertChainFileIn | FullResponseFileIn | CertFileIn | PolicyFileIn]
[RequestFileOut | CertChainFileOut | FullResponseFileOut | CertFileOut | PKCS10FileOut]

 

Parameters Description

-submit

Submits a request to a CA.

-retrieve RequestID

Retrieves a response to a previous request from a CA.

-new

Creates a new request from an .inf file.

-accept

Accepts and installs a response to a certificate request.

-policy

Sets the policy for a request.

-sign

Signs a cross-certification or qualified subordination request.

-attrib AttributeString

Specifies the Name and Value string pairs, separated by a colon.

Separate Name and Value string pairs with \n (for example, Name1:Value1\nName2:Value2).

-binary

Formats output files as binary instead of base64-encoded.

-config CAMachineName\CAName

Processes the operation by using the CA specified in the configuration string, which is CAMachineName\CAName.

-crl

Includes certificate revocation lists (CRLs) in the output to the base64-encoded PKCS #7 file specified by CertChainFileOut or to the base64-encoded file specified by RequestFileOut.

-rpc

Instructs Active Directory Certificate Services (AD CS) to use a remote procedure call (RPC) server connection instead of Distributed COM.

-cert CertID

Specifies the signing certificate by common name, serial number, Secure Hash Algorithm (SHA-1) key, or certificate hash.

CertChainFileIn

Specifies the base64-encoded or binary certificate chain input file that you want to use.

FullResponseFileIn

Specifies the base64-encoded or binary full response input file that you want to use.

CertFileIn

Specifies the base64-encoded or binary certificate input file that you want to use.

RequestFileIn

Specifies the base64-encoded or binary input file that you want to use.

The file can be a PKCS #10 certificate request, a PKCS #7 certificate renewal request, a KEYGEN tag format certificate request, a Certificate Management protocol using Cryptographic Message Syntax (CMS) request (this protocol is also known as CMC), or a certificate file of the CA that you want to cross-certify.

PolicyFileIn

Specifies the .inf input file that contains the extension definitions that you want to use to qualify a request.

RequestFileOut

Specifies the base64-encoded file to which you want to send output.

PKCS10FileOut

Specifies the base64-encoded PKCS #10 file to which you want to send output.

CertFileOut

Specifies the binary or base64-encoded X.509 v3 file to which you want to send output.

CertChainFileOut

Specifies the binary or base64-encoded PKCS #7 file to which you want to send output.

FullResponseFileOut

Specifies the binary or base64-encoded full response file to which you want to send output.

-?

Displays a list of certreq commands.

  • Je třeba zadat název_počítače_CA nebo název_CA v rámci příkazu -config název_počítače_CA\název_CA. V opačném případě se zobrazí dialogové okno pro výběr certifikační autority se seznamem certifikačních autorit, které jsou k dispozici.

  • Pokud místo příkazu -config název_počítače_CA\název_CA zadáte pouze příkaz -config -, bude operace zpracována pomocí výchozí certifikační autority.

  • You can use certreq -retrieve RequestID to retrieve the certificate after the CA has actually issued it. You can also use this command to retrieve any certificate that has ever been issued by the CA, including revoked or expired certificates, without regard to whether the certificate's request was ever in the pending state.

  • If you submit a request to the CA, the policy module of the CA might leave the request in a pending state and return the RequestID for display. Eventually, the CA's administrator will issue the certificate or deny the request.

You can use this example to submit a request to a CA.

certreq -submit [-attrib AttributeString] [-binary] [-config CAMachineName\CAName] [-crl] [-rpc]
[RequestFileIn [CertFileOut [CertChainFileOut [FullResponseFileOut]]]]

You can use this example to retrieve a response to a previous request from a CA.

certreq -retrieve [-binary] [-config CAMachineName\CAName] [-crl]
[-rpc] RequestID [CertFileOut [CertChainFileOut [FullResponseFileOut]]]

You can use this example to create a new request from an .inf file.

certreq -new [-attrib AttributeString] [-binary] [-cert CertID] [PolicyFileIn [RequestFileOut]] 

You can use this example to accept and install a response to a certificate request.

certreq -accept [{CertChainFileIn | FullResponseFileIn | CertFileIn}]

You can use this example to construct a cross-certification or qualified subordination request from an existing CA certificate or request.

certreq -policy [-attrib AttributeString] [-binary] [-cert CertID] [RequestFileIn [PolicyFileIn [RequestFileOut [PKCS10FileOut]]]] 

You can use this example to sign a cross-certification or qualified subordination request.

certreq -sign [-binary] [-certCertID] [-crl]
[RequestFileIn [RequestFileOut]]

Byl tento obsah pro vás užitečný?
(Zbývající počet znaků: 1500)
Děkujeme za váš názor.

Obsah vytvořený komunitou

Přidat
Zobrazit:
© 2014 Microsoft