Channel: Security forum

Getting a certificate for a server, remotely, using Get-Certificate


I am trying to use the PowerShell Get-Certificate cmdlet to get a cert for a server virtual machine from the VM host.

Here's the scenario.

1. Host computer is Server2012 Enterprise with Hyper-V running. CredSSP set up on this machine as client.

2. Host has TWO VMs: DC1, and SRV1.

3. SRV1 set up for CredSSP as both client and server.

4. I use a script block to do the creation of the server from the host, that runs on SRV1. The script looks like this:

$conf2 = {
    # Set Credentials for SRV1
    $Username   = "reskit\administrator"
    $PasswordSS = ConvertTo-SecureString -String 'Pa$$w0rd' -AsPlainText -Force
    $credrk     = New-Object System.Management.Automation.PSCredential $Username,$PasswordSS
    Import-Module WebAdministration -Verbose:$False
    Get-Certificate -Template 'WebServer' -DnsName Srv1.Reskit.Org -CertStoreLocation Cert:\LocalMachine\my
}
# NB: CredRK is already defined when I make this call:
Invoke-Command -ComputerName SRV1 -ScriptBlock {ipconfig; hostname} -Credential $credrk

When I run this scriptlet, I get this error:

You do not have permission to request this type of certificate.: The permissions on the certificate template do not allow the current user to enroll for this type of certificate. 0x80094012 (-2146877422). This may be the result of user credentials being required on the remote machine.

Any clues how to get this to work? Namely, I want to remotely set up a server for SSL but first need to get the cert. Sample code that works is most welcome. (FWIW: the help in the TechNet pages is pretty unhelpful, as none of the examples actually work in a default installation of CA/CredSSP, e.g. they talk about a cert template, 'sslwebserver', that does not exist, and none of the policy URLs do either.)


Thomas Lee <DoctorDNS@Gmail.Com>

