I am trying to automate cert requests for an LDAPS certificate. When I request my cert template, the certificate's private key is exportable. But never when I try with certreq.
This is my INF:
[Version]
Signature="$Windows NT$"

[NewRequest]
; At least one value must be set in this section
Subject="CN=dc01"
KeySpec=1
KeyLength=4096
Exportable=TRUE
ProviderType=12
RequestType=PKCS10
KeyUsage=0xa0

[RequestAttributes]
CertificateTemplate="KDC_TEMPLATE"

[Extensions]
; Subject Alternative Name extension (OID 2.5.29.17); the _continue_ lines extend this value
2.5.29.17 = "{text}"
_continue_ = "dns=dc01&"
_continue_ = "dns=dc01.mydomain.dom&"
_continue_ = "dns=mydomain.dom&"
_continue_ = "dns=MYDOMAIN&"
_continue_ = "dns=ldap.mydomain.dom&"
Then I try:
certreq -new c:\_scripts\request2.inf c:\_scripts\result.txt
certreq -config pki.mydomain.dom\myCERT-CA -submit c:\_scripts\result.txt c:\_scripts\certificate.cer
certreq -accept c:\_scripts\certificate.cer
I got a PowerShell script to put the cert into the NTDS store.
But the private key is never exportable when I script this, only when I use MMC and request manually.
Does anyone have an idea what I am doing wrong?