Install-AdcsEnrollmentWebService

Windows Server 2012 R2 and Windows 8.1

Install-AdcsEnrollmentWebService

Performs initial configuration of the Certificate Enrollment Web service.

구문

Parameter Set: DefaultParameterSet
Install-AdcsEnrollmentWebService [-AllowKeyBasedRenewal] [-ApplicationPoolIdentity] [-AuthenticationType <AuthenticationType> ] [-CAConfig <String> ] [-Credential <PSCredential> ] [-Force] [-RenewalOnly] [-SSLCertThumbprint <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: ServiceAccountParameterSet
Install-AdcsEnrollmentWebService -ServiceAccountName <String> -ServiceAccountPassword <SecureString> [-AllowKeyBasedRenewal] [-AuthenticationType <AuthenticationType> ] [-CAConfig <String> ] [-Credential <PSCredential> ] [-Force] [-RenewalOnly] [-SSLCertThumbprint <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>]




자세한 설명

The Install-AdcsEnrollmentWebService cmdlet performs the configuration of Certificate Enrollment Web service. It is also used to create additional instances of the service within an existing installation. To remove the Certificate Enrollment Web Service role service use the Uninstall-AdcsEnrollmentWebService cmdlet.

You can import the cmdlet by running the following commands from Windows PowerShell:
Import-Module ServerManager
Add-WindowsFeature Adcs-Enroll-Web-Svc

매개 변수

-AllowKeyBasedRenewal

Specifies that the enrollment server accept key based renewal requests, which are valid client certificate for authentication that do not directly map to a security principal.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-ApplicationPoolIdentity

Specifies the identity that the Certificate Enrollment Web Service will use when communicating with the Certification Authority (CA). This parameter is only valid when Certificate Enrollment Web Service will be targeting a remote CA. If not specified, the local application pool identity is used. This parameter is only valid when installing the first instance of the Certificate Enrollment Web Service. If this installation will be for an additional instance of Certificate Enrollment Web Service on this server, then this parameter should not be specified.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-AuthenticationType<AuthenticationType>

Specifies the authentication type. Valid options include: Certificate, Kerberos, and UserName.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-CAConfig<String>

Specifies the configuration string of the Certification Authority (CA) used by the Certificate Enrollment Web Service to process enrollment requests. This parameter depends upon whether a local CA is installed. If the CA is local, then the parameter is optional and defaults to the local CA when not specified. If there is not a local CA, then the parameter is required. The input is the configuration string is <CAComputerName>\<CACommonName>. Replace the computer name of the (CA) for <CAComputerName> and replace the CA common name for <CACommonName>.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-Credential<PSCredential>

Specifies the credentials for installing the Certificate Enrollment Web Service. The Certificate Enrollment Web Service must be installed on a server that is a member of an Active Directory Domain Services (AD DS) domain. If the Certificate Enrollment Web Service is configured to use a Standalone certification authority (CA), then an account that is a member of the local Administrators on the CA is required. If the Enrollment Web Service is installed to use an Enterprise CA, then using an account that is a member of Domain Admins group is required.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-Force

별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

false

와일드카드 문자 허용 여부

false

-RenewalOnly

Specifies that renewal only mode be enabled.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-SSLCertThumbprint<String>

Specifies the hash or thumbprint of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for a web site as a string value. This parameter is optional. If used, it will establish the necessary binding with Internet Information Server (IIS) to enable support for the required SSL/TLS connectivity. If a binding already exists within IIS, specifying this parameter overwrites the existing binding. If this parameter is not specified, any existing binding is used. If no bindings exist, installation succeeds, but the service will not function until the binding is established manually.


별칭

없음

필수 여부

false

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-ServiceAccountName<String>

Specifies the domain account for use with the service. The input string should be in the form of <domain>\<accountname>. For example, to specify an account named WebEnroll in the Corp.contoso.com domain, you would type CORP\WebEnroll.


별칭

없음

필수 여부

true

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-ServiceAccountPassword<SecureString>

Specifies the password for the domain account used as the service account.


별칭

없음

필수 여부

true

위치

named

기본값

없음

파이프라인 입력 적용 여부

true (ByPropertyName)

와일드카드 문자 허용 여부

false

-Confirm

cmdlet을 실행하기 전에 확인 메시지가 표시됩니다.


필수 여부

false

위치

named

기본값

false

파이프라인 입력 적용 여부

false

와일드카드 문자 허용 여부

false

-WhatIf

cmdlet이 실행될 경우 결과 동작을 표시합니다. cmdlet이 실행되지 않습니다.


필수 여부

false

위치

named

기본값

false

파이프라인 입력 적용 여부

false

와일드카드 문자 허용 여부

false

<CommonParameters>

이 cmdlet은 일반 매개 변수 -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer 및 -OutVariable을 지원합니다. 자세한 내용은 다음을 참조하세요. about_CommonParameters(http://go.microsoft.com/fwlink/p/?LinkID=113216).

입력

입력 유형은 cmdlet에 파이프할 수 있는 개체의 유형입니다.

  • bool, bool, enum, string, bool, string, SecureString, string, PSCredential

출력

출력 유형은 cmdlet이 내보내는 개체의 유형입니다.

  • Microsoft.CertificateServices.Deployment.Commands.CES.EnrollmentServiceResult

참고

  • Ensure you run Windows PowerShell as an administrator. You can use the -force switch to bypass the prompt for confirmation.
    To see parameters, run the following command: install-AdcsEnrollmentWebService cmdlet -?

  • You can get the CA configuration, which is the computer name and CA name by running certutil without any parameters. You can see the SSL certificate thumbprints assigned to the local computer by running the following commands:
    cd cert:\LocalMachine\My
    dir | format-list

예제

-------------------------- EXAMPLE 1 --------------------------

Description

-----------

This command installs the Certificate Enrollment Web Service to use the certification authority with a computer name of CA1.contoso.com and a CA common name contoso-CA1-CA. The identity of the Certificate Enrollment Web Service is specified as the default application pool identity. The placeholder <thumbprint> should be replaced with the actual thumbprint of the certificate associated with the service. The authentication type is certificate based.


C:\PS>Install-AdcsEnrollmentWebService –ApplicationPoolIdentity -CAConfig CA1.contoso.com\contoso-CA1-CA -SSLCertThumbprint <thumbprint> -AuthenticationType Certificate

-------------------------- EXAMPLE 2 --------------------------

Description

-----------

This command installs the Certificate Enrollment Web Service to use the certification authority with a computer name of APP1.corp.contoso.com and a CA common name corp-APP1-CA. The placeholder <thumbprint> should be replaced with the actual thumbprint of the certificate associated with the service. The identity of the Certificate Enrollment Web Service is specified as CEPAcct1 from the Corp domain. The command will prompt for the user password.


C:\PS>Install-AdcsEnrollmentWebService -CAConfig APP1.corp.contoso.com\corp-APP1-CA -SSLCertThumbprint <thumbprint> -ServiceAccountName Corp\CEPAcct1 -ServiceAccountPassword (read-host "Set user password" -assecurestring)

관련 항목

커뮤니티 추가 항목

추가
표시: