Automated CA installs using VB script on Windows Server 2008 and 2008R2 [UPDATED]

This post has been republished via RSS; it originally appeared at: Core Infrastructure and Security Blog articles.

First published on TECHNET on Sep 18, 2009

Starting with Windows Server 2008 the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the setup and installation of a CA.Below is a script that is being used by the product team in our testing of Certificate Services. SetupCA.vbs was designed to have the functionality present in the setup UI but in an easy command line that can be used in automation. Most of the functionality of the script is fairly straight forward in just setting properties on the setup object. A couple of features, like the key/cert re-use, take a bit of code to get the setting right.


All of the ICertSrvSetup COM object properties and methods are documented in the MSDN at http://msdn.microsoft.com/en-us/library/bb736371%28VS.85%29.aspx .


The setup script is attached to this post, simply click the link for setupca.vbs and save the file to your local system.



Some example usages of the script:


Install Enterprise Root CA
Cscript setupca.vbs /ie /sn MyRootCA /sk 4096 /sp "RSA#Microsoft Software Key Storage Provider" /sa SHA256


Install Standalone Sub CA
Cscript setupca.vbs /it /sn MySubCA /sr MyParentCAMachine\MyRootCA /sk 384 /sp "ECDSA_P384#Microsoft Software Key Storage Provider" /sa SHA1


Uninstall CA:
Cscript setupca.vbs /uc


Install Web Pages:
Cscript setupca.vbs /iw /sr MyParentCAMachine\MyRootCA


There is also a usage that lists all the parameters if you run the script without any arguments.



UPDATE: Script has been updated to include option for offline requests using new /OR switch. Example:


Install Enterprise Sub CA saving request to a file:

Cscript setupca.vbs /if /sn "My Sub CA" /sp "RSA#Microsoft Software Key Storage Provider" /sk 4096 /or "c:\temp\ca.req"


setupca.vbs

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.