
Requesting Certificates (Command Line)

Topic last modified: 2009-03-11

The Request action requests a certificate from the certification authority that you specify. The Request action requires the following syntax.

LCSCmd.exe /Cert /Action:Request /OU:<the organizational unit> /org:<the organization> /sn:<subject name> /country:<country or region> /state:<full state or province name> /city:<full city or locality name> [/online[:{TRUE|FALSE}]] [/friendlyName:<friendly name for the certificate>] [/bitLength:<length of the certificate public key>] [/exportable[:{TRUE|FALSE}]] [/san:<subject alternate name on the certificate>] [/Filename:<file name for offline requests>] [/ca:<certification authority in the form <CAFQDN>\<CAName>>] [/caAccount:<Account in the form <CADomain>\<CAUser> or <CAComputer>\<CAUser>>] [/caPassword:<Password for the CA account>] [/autoAppendSNToSAN[:{TRUE|FALSE}]] [/enableClientEKU[:{TRUE|FALSE}]] [/assign:{TRUE|FALSE}] [/Components:{AP | DP | MR | INTERNAL}] [/L:<log file path>] [/XML[:{TRUE|FALSE}]] [/?[:{TRUE|FALSE}]]

For example:

LCSCmd.exe /Cert /Action:Request /OU:Marketing /Org:Contoso /sn:eepool1.contoso.com /country:US /city:Redmond /state:Washington

Where:

Parameter Description

/Cert

Executes the selected certificate task on the current computer.

/Action

Takes a string that specifies the action name. Valid action names include Request, CheckStatus, ImportResponse, ImportPFX, ExportPFX, ListCA, and ImportCAChain.

/OU

Specifies the organizational unit.

/org

Specifies the organization.

/sn

Specifies the certificate's Subject Name, such as the FQDN of the current server or pool.

/country

Specifies the two-letter code for the country or region. For example, US for the United States or PT for Portugal.

/state

Specifies the unabbreviated name of the state or province.

/city

Specifies the unabbreviated name of the city or locality.

/online

Specifies whether this is an online certificate request. If not specified, TRUE is used.

/friendlyName

Specifies the friendly name of the certificate.

/bitLength

Specifies the length of the certificate public key. Valid values are 1024, 2048, and 4096. If not specified, 1024 is used.

/exportable

Specifies whether the private key is exportable. If not specified, FALSE is used.

/san

Specifies a comma-separated list of names to be used as the subject alternate name of the certificate. The subject name is automatically added to the Subject Alternate Name (SAN) if any subject alternate name is specified unless /autoAppendSNToSAN:FALSE is specified.

/Filename

Specifies the file name for storing an offline certificate request. If specified, the file must not already exist.

/ca

Specifies the certification authority to use for online certificate requests in the form <CA FQDN>\<CA Name>. This parameter is required for online certificate requests.

/caAccount

Specifies an account that is recognized by the CA and has privileges to request certificates (if integrated authentication is not desired). This parameter is ignored if CredMan is not available.

/caPassword

Specifies the password to be used with caAccount. This parameter is ignored if caAccount is not specified.

/autoAppendSNToSAN

Specifies whether Subject Name should be appended to Subject Alternate Name if any subject alternate name is specified. If not specified, TRUE is used.

/enableClientEKU

Specifies whether the certificate should contain the Client Authentication EKU (usually not required except for some types of federation). If not specified, FALSE is used.

/assign

New in Office Communications Server 2007 R2. Specifies whether the issued certificate should be assigned immediately. This parameter is available only when /online is set to True (the default).

/Components

New in Office Communications Server 2007 R2. Specifies the Edge Server to which the certificate should be assigned. This is a comma-separated list, specifying one or more of the following options:

AP: Access Proxy or Access Edge Server

DP: Data Proxy or Web Conferencing Edge Server

MR: Media Relay or A/V Edge Server

INTERNAL: Edge Server internal interface (default)

/L

Specifies the log file path. If not specified, %TEMP%\<ActionName>[<Date>][<Time>].html is used. To disable logging, use a dash character (-) as the log file name.

/XML

Specifies whether the log file to be generated should be in XML format instead of HTML.

/?

Shows Help on usage.
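
An offline request that states the key options explicitly instead of relying on the defaults listed above (1024 bits when /bitLength is omitted), as an added PowerShell example that is not part of the original topic. The function name, the SAN value, the file path and the exit-code check are assumptions for illustration; only parameters documented on this page are passed to LCSCmd.exe.

```powershell
# Added example, not from the original topic. Function name, sample values
# and paths are hypothetical; LCSCmd.exe is assumed to be on the PATH.
function New-LcsOfflineCertRequest {
    param(
        [Parameter(Mandatory)] [string] $SubjectName,
        [Parameter(Mandatory)] [string] $RequestFile,
        [Parameter(Mandatory)] [string] $OU,
        [Parameter(Mandatory)] [string] $Org,
        [Parameter(Mandatory)] [ValidatePattern('^[A-Za-z]{2}$')] [string] $Country,
        [Parameter(Mandatory)] [string] $State,
        [Parameter(Mandatory)] [string] $City,
        [string[]] $San = @(),
        # 1024 is also valid for /bitLength (and is its default); refused here.
        [ValidateSet(2048, 4096)] [int] $BitLength = 2048,
        [string] $LogFile
    )

    # /Filename must name a file that does not already exist.
    if (Test-Path -LiteralPath $RequestFile) {
        throw "Request file already exists: $RequestFile"
    }

    $lcsArgs = @(
        '/Cert', '/Action:Request',
        "/OU:$OU", "/org:$Org", "/sn:$SubjectName",
        "/country:$Country", "/state:$State", "/city:$City",
        '/online:FALSE',            # offline: the request is written to a file
        "/Filename:$RequestFile",
        "/bitLength:$BitLength",
        '/exportable:FALSE'         # same as the default, stated explicitly
    )
    # /san takes a comma-separated list; the subject name is appended to it
    # automatically unless /autoAppendSNToSAN:FALSE is given.
    if ($San.Count -gt 0) { $lcsArgs += '/san:' + ($San -join ',') }
    if ($LogFile)         { $lcsArgs += "/L:$LogFile" }

    # No /caAccount or /caPassword is passed, so no CA credential appears
    # on the command line.
    & LCSCmd.exe @lcsArgs
    # Assumption: a non-zero exit code signals failure; the log file
    # (%TEMP% by default, or the /L path) holds the details.
    if ($LASTEXITCODE -ne 0) { throw "LCSCmd.exe exited with code $LASTEXITCODE" }
}

# Constructed sample call, reusing the values from the example on this page.
New-LcsOfflineCertRequest -SubjectName 'eepool1.contoso.com' -OU 'Marketing' -Org 'Contoso' `
    -Country 'US' -State 'Washington' -City 'Redmond' `
    -San 'sip.contoso.com' -RequestFile 'C:\certreq\eepool1.req'
```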