First published on TECHNET on Sep 18, 2009
Starting with Windows Server 2008, the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript, you can quickly automate the setup and installation of a CA. Below is a script that the product team uses in our testing of Certificate Services. SetupCA.vbs was designed to offer the functionality present in the setup UI, but as a simple command line that can be used in automation. Most of the script is fairly straightforward and just sets properties on the setup object. A couple of features, like key/cert re-use, take a bit of code to get the settings right.
All of the ICertSrvSetup COM object properties and methods are documented on MSDN at http://msdn.microsoft.com/en-us/library/bb736371%28VS.85%29.aspx .
The setup script is attached to this post; simply click the link for setupca.vbs and save the file to your local system.
Some example usages of the script:
Install Enterprise Root CA:
Cscript setupca.vbs /ie /sn MyRootCA /sk 4096 /sp "RSA#Microsoft Software Key Storage Provider" /sa SHA256
Install Standalone Sub CA:
Cscript setupca.vbs /it /sn MySubCA /sr MyParentCAMachine\MyRootCA /sk 384 /sp "ECDSA_P384#Microsoft Software Key Storage Provider" /sa SHA1
Cscript setupca.vbs /uc
Install Web Pages:
Cscript setupca.vbs /iw /sr MyParentCAMachine\MyRootCA
Running the script without any arguments prints a usage message that lists all the parameters.
UPDATE: The script has been updated to include an option for offline requests using the new /OR switch. Example:
Install Enterprise Sub CA saving request to a file:
Cscript setupca.vbs /if /sn "My Sub CA" /sp "RSA#Microsoft Software Key Storage Provider" /sk 4096 /or "c:tempca.req"
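To show what "setting properties on the setup object" looks like, here is a minimal sketch of the "Install Enterprise Root CA" command above expressed directly against the ICertSrvSetup COM object. It is an added example, not the attached setupca.vbs; the numeric constants are assumed from the CASetupProperty and ENUM_CATYPES enumerations and should be checked against the MSDN reference linked above.

```vbscript
Option Explicit

' Assumed values from the CASetupProperty enumeration (verify against MSDN)
Const SETUPPROP_CATYPE = 0
Const SETUPPROP_CAKEYINFORMATION = 1
Const SETUPPROP_CANAME = 3
' Assumed ENUM_CATYPES value for an Enterprise Root CA
Const ENUM_ENTERPRISE_ROOTCA = 0

Dim caSetup, keyInfo
Set caSetup = CreateObject("CertOCM.CertSrvSetup")

' Load defaults for the CA role only (bServer = True, bClient = False)
caSetup.InitializeDefaults True, False

' Equivalent of /ie and /sn MyRootCA
caSetup.SetCASetupProperty SETUPPROP_CATYPE, ENUM_ENTERPRISE_ROOTCA
caSetup.SetCASetupProperty SETUPPROP_CANAME, "MyRootCA"

' Equivalent of /sp, /sk and /sa: edit the key information object,
' then hand it back to the setup object
Set keyInfo = caSetup.GetCASetupProperty(SETUPPROP_CAKEYINFORMATION)
keyInfo.ProviderName = "RSA#Microsoft Software Key Storage Provider"
keyInfo.Length = 4096
keyInfo.HashAlgorithm = "SHA256"
caSetup.SetCASetupProperty SETUPPROP_CAKEYINFORMATION, keyInfo

' Run the installation and surface both the COM error and the setup detail
On Error Resume Next
caSetup.Install
If Err.Number <> 0 Then
    WScript.Echo "Install failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Echo "Setup detail: " & caSetup.CAErrorString
    WScript.Quit 1
End If
On Error GoTo 0
WScript.Echo "CA installed: MyRootCA"
```

The sketch always generates a new key; the key/cert re-use path mentioned earlier needs additional handling that is not shown here.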