Automated CA installs using VB script on Windows Server 2008 and 2008R2 [UPDATED]

First published on TECHNET on Sep 18, 2009

Starting with 2008 the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the setup and installation of a CA.Below is a script that is being used by the product team in our testing of Services. SetupCA.vbs was designed to have the functionality present in the setup UI but in an easy command line that can be used in . Most of the functionality of the script is fairly straight forward in just setting properties on the setup object. A couple of features, like the key/cert re-use, take a bit of code to get the setting right.

All of the ICertSrvSetup COM object properties and methods are documented in the MSDN at .

The setup script is attached to this post, simply click the link for setupca.vbs and save the file to your local system.

Some example usages of the script:

Install Enterprise Root CA
Cscript setupca.vbs /ie /sn MyRootCA /sk 4096 /sp “RSA#Microsoft Software Key Provider” /sa SHA256

Install Standalone Sub CA
Cscript setupca.vbs /it /sn MySubCA /sr MyParentCAMachineMyRootCA /sk 384 /sp “ECDSA_P384#Microsoft Software Key Provider” /sa SHA1

Uninstall CA:
Cscript setupca.vbs /uc

Install Web Pages:
Cscript setupca.vbs /iw /sr MyParentCAMachineMyRootCA

There is also a usage that lists all the parameters if you run the script without any arguments.

UPDATE: Script has been updated to include option for offline requests using new /OR switch. Example:

Install Enterprise Sub CA saving request to a file:

Cscript setupca.vbs /if /sn “My Sub CA” /sp “RSA#Microsoft Software Key Provider” /sk 4096 /or “c:tempca.req”



This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.