Web resources:

Certreq syntax: https://technet.microsoft.com/en-us/library/cc736326(v=ws.10).aspx

http://vipinvasudevan.blogspot.fr/2013/02/my-it-experience-1.html

http://blog.kloud.com.au/2013/07/30/ssl-san-certificate-request-and-import-from-powershell/

Script:

Here is the script developed for non-domain computers (tested and confirmed working). Security caveat before reusing it: as written it embeds the enrollment service account's password in clear text (`$DomPass`) and hands it to certreq.exe as a command-line argument, so anyone who can read the script file or list processes on the workstation can recover it. Prefer prompting for (or reading from a protected location) the password at run time, and keep the service account limited to enrolling this one template.

#
# Amadeus Request and Install Certificate for non-domain computers
# Used for Cisco AnyConnect VPN
#
# Created    :     2015/04/21
# Updated    :    2015/04/27
#
# Authors    : jdalbera – system architecture
# Comments    : Amadeus Request and Install Computer Certificate on non-domain
#                computer – using CEP/CES and dedicated service account
# Certreq technet reference: https://technet.microsoft.com/library/cc725793.aspx
#
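cls
Write-Host ""
Write-Host "———————————————————"
Write-Host " Request and Install Computer Certificate by JD "
Write-Host "             Used for Cisco AnyConnect VPN                "
Write-Host "———————————————————"
Write-Host ""

## VARIABLES
# Certificate template the CA is asked to issue for non-domain workstations.
[string]$TemplateName = "VPNCertNonDomainWks"
# Certificate Enrollment Policy (CEP) and Certificate Enrollment Service (CES)
# endpoints; both use the username/password variant because a non-domain machine
# cannot authenticate with Kerberos.
[string]$CEPPolicyServer = "https://webca.mydomain.local/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP"
[string]$CESConfig = "https://webca.mydomain.local/AMACATECH2_CES_UsernamePassword/service.svc/CES"
# Dedicated enrollment service account.
[string]$DomUser = "mydomain\acctpkivpncert"
# The password is deliberately NOT a literal in this file (the original hard-coded it,
# exposing the account to anyone able to read the script). It is taken from the
# VPNCERT_SERVICE_PASSWORD environment variable, or prompted for with masked input.
# It stays a plain [string] because certreq.exe expects it as its -p argument, which
# means it is still visible to process-listing tools on this host while certreq runs.
[string]$DomPass = $env:VPNCERT_SERVICE_PASSWORD
if (-not $DomPass) {
    $securePass = Read-Host "Please enter the password for $DomUser" -AsSecureString
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePass)
    try {
        $DomPass = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    } finally {
        # Release the unmanaged copy of the password as soon as it has been read.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}
if (-not $DomPass) {
    Write-Host "No password supplied for $DomUser. End of the script…" -BackgroundColor Red -ForegroundColor White
    exit
}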

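## INPUT
# Characters RFC 4514 treats as special inside a DN attribute value. Every answer
# below is pasted verbatim into the Subject= line of the certreq INF, and rather than
# guess at certreq.exe's escaping rules the script refuses these characters outright.
$dnSpecialChars = '[,+"\\<>;=#]'

# Prompt with $Prompt until a usable answer is given and return it. An answer is
# usable when it is non-empty after trimming, contains none of $dnSpecialChars and,
# if $Pattern is given, matches that regex. The answer is lower-cased, as every
# subject field was in the original script. $RetryMessage is shown on each rejection.
function Read-RequiredValue ([string]$Prompt, [string]$RetryMessage, [string]$Pattern = '') {
    while ($true) {
        $answer = [string](Read-Host $Prompt)
        # Trim so that an answer of only spaces cannot become a blank CN / OU / O.
        $answer = $answer.Trim().ToLower()
        $rejected = $answer.Length -eq 0
        if (-not $rejected -and ($answer -match $dnSpecialChars)) {
            Write-Host "The characters , + `" \ < > ; = # cannot be used in a certificate subject." -BackgroundColor Red -ForegroundColor White
            $rejected = $true
        }
        if (-not $rejected -and $Pattern -and ($answer -notmatch $Pattern)) {
            $rejected = $true
        }
        if ($rejected) {
            Write-Host $RetryMessage -BackgroundColor Red -ForegroundColor White
            continue
        }
        return $answer
    }
}

[string]$Email = Read-RequiredValue "Please enter the requestor’s email address (ie. jdalbera@mydomain.local)" "Please enter requestor’s email address again!"
Write-Host ""
Write-Host "Mandatory: answers the questions below to prepare the certificate request" -BackgroundColor Yellow -ForegroundColor Black

# The FQDN becomes the CN and, later, the file name of the issued .cer in the current
# directory, so it is limited to host-name characters (letters, digits, '.', '-').
[string]$UID = Read-RequiredValue "Please enter the Computer FQDN (ie. mycomputer.otherdomain.local)" "Please enter the Computer FQDN again!" '^[a-z0-9][a-z0-9.-]*$'
[string]$DEPT = Read-RequiredValue "Please enter the department (ie: internal-IT)" "Please enter the department again!"
[string]$ORG = Read-RequiredValue "Please enter the company (ie. mycompany)" "Please enter the company again!"
[string]$LOC = Read-RequiredValue "Please enter the city (ie. Nice)" "Please enter the city again!"
[string]$STATE = Read-RequiredValue "Please enter the state (ie. France)" "Please enter the state again!"
# The original applied .Substring(0,2) to the answer, which throws on a 0- or 1-character
# answer (and then accepted a single letter) and silently truncated longer ones.
# Require exactly two letters instead.
# NOTE(review): C= is conventionally upper-case (ISO 3166); the original lower-cased it
# and this CA reportedly accepted that, so the lower-casing is kept — confirm with the CA.
[string]$COUNTRY = Read-RequiredValue "Please enter the country ISO code 2 digits (ie:FR,DE,ES)" "Please enter the country ISO code 2 digits!" '^[a-z]{2}$'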

## FUNCTIONS
# Print $Message (default: French "Press a key to quit…") and block until a key is
# pressed; the key is discarded and not echoed. Note this shadows PowerShell's own
# built-in `pause` for the rest of the session the script runs in.
function Pause ($Message="Appuyez sur une touche pour quitter…")
{
    Write-Host $Message -NoNewline
    [void]$Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
    Write-Host ""
}

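## MAIN
Write-Host ""
Write-Host "————————————————————————————————"
Write-Host ""
$startscript = Get-Date

###################################
# Generate Request File
###################################
Write-Host ""
Write-Host "Preparing Request File…" -BackgroundColor Yellow -ForegroundColor Black
Write-Host "Removing existing files…"
# The INF and request are written to the current directory. Abort if a stale copy
# cannot be removed: the original appended to cert.inf with Add-Content, so a leftover
# file (e.g. locked or read-only) silently produced a corrupt request.
foreach ($stale in '.\cert.inf', '.\cert.req') {
    if (Test-Path $stale) {
        Remove-Item $stale -ErrorAction SilentlyContinue
        if (Test-Path $stale) {
            Write-Host "Cannot remove $stale. End of the script…" -BackgroundColor Red -ForegroundColor White
            Write-Host ""
            exit
        }
    }
}
Write-Host "Preparing Template…"
Write-Host ""

# certreq.exe request INF. Security-relevant settings, unchanged from the original:
#  - MachineKeySet = TRUE / Exportable = FALSE: the private key is generated in the
#    machine store and cannot be exported afterwards;
#  - KeyLength = 2048 RSA, HashingAlgorithm = SHA256;
#  - KeyUsage = 0xa0 = digitalSignature + keyEncipherment;
#  - EKU 1.3.6.1.5.5.7.3.2 is id-kp-clientAuth (the INF comment calls it "Computer
#    Authentication"; it is the client-authentication EKU VPN machine auth relies on).
# Lines are joined with CRLF explicitly so the INF format does not depend on how this
# script file was saved.
$infLines = @(
    '[NewRequest]',
    "Subject = `"CN=$UID,EMAIL=$Email,OU=$DEPT,O=$ORG,L=$LOC,S=$STATE,C=$COUNTRY`"",
    'KeySpec = 1',
    'KeyLength = 2048',
    'Exportable = FALSE',
    'MachineKeySet = TRUE',
    'SMIME = False',
    'PrivateKeyArchive = FALSE',
    'UserProtected = FALSE',
    'UseExistingKeySet = FALSE',
    'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"',
    'ProviderType = 12',
    'RequestType = PKCS10',
    'KeyUsage = 0xa0',
    '',
    'HashingAlgorithm = SHA256',
    '[EnhancedKeyUsageExtension]',
    'OID=1.3.6.1.5.5.7.3.2 ; this is for Computer Authentication',
    '[RequestAttributes]',
    "CertificateTemplate = `"$TemplateName`""
)
# Set-Content overwrites; Add-Content (original) would append to an existing file.
Set-Content -Path .\cert.inf -Value ($infLines -join "`r`n")

if (Test-Path .\cert.inf) {
    Write-Host "Template file .\cert.inf found…" -BackgroundColor Green -ForegroundColor Black
    Write-Host ""
} else {
    Write-Host "No template file .\cert.inf found. End of the script…" -BackgroundColor Red -ForegroundColor White
    Write-Host ""
    exit
}

Pause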
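###################################
# Create the Request
###################################
Write-Host "Generating Request File…" -BackgroundColor Yellow -ForegroundColor Black
# Call certreq.exe directly with the call operator instead of Invoke-Expression: the
# arguments are passed as-is and nothing in them is re-parsed as PowerShell code.
$certreq = Join-Path $env:SystemRoot 'System32\certreq.exe'
& $certreq -new .\cert.inf .\cert.req
if ($LASTEXITCODE -ne 0) {
    Write-Host "certreq.exe -new failed (exit code $LASTEXITCODE). End of the script…" -BackgroundColor Red -ForegroundColor White
    Write-Host ""
    exit
}
Write-Host ""

# certreq may exit 0 without writing the request in some error paths; check the file too.
if (Test-Path .\cert.req) {
    Write-Host "Request file .\cert.req found…" -BackgroundColor Green -ForegroundColor Black
    Write-Host ""
} else {
    Write-Host "No request file .\cert.req found. End of the script…" -BackgroundColor Red -ForegroundColor White
    Write-Host ""
    exit
}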

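###################################
# Send Request
###################################
Write-Host "Sending Certificate Request…" -BackgroundColor Yellow -ForegroundColor Black
# $UID comes from the operator and names the output file; refuse anything that is not
# a plain host name so the .cer cannot be written outside the current directory
# (e.g. "..\..\something") and so it is safe to pass to certreq as an argument.
if ($UID -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]*$') {
    Write-Host "Computer FQDN '$UID' is not a valid host name. End of the script…" -BackgroundColor Red -ForegroundColor White
    Write-Host ""
    exit
}
$cerFile = ".\$UID.cer"

# Direct invocation instead of Invoke-Expression. The original built one command
# string containing $UID and $DomPass and had PowerShell re-parse it, so a value with
# ';', '$(' or a quote would have been executed as code. The password is still handed
# to certreq.exe as its -p argument (certreq's -submit switches appear to offer no
# other way to supply it), so it remains visible in process listings while certreq runs.
$certreq = Join-Path $env:SystemRoot 'System32\certreq.exe'
& $certreq -submit -Username $DomUser -p $DomPass -PolicyServer $CEPPolicyServer -config $CESConfig .\cert.req $cerFile
if ($LASTEXITCODE -ne 0) {
    Write-Host "certreq.exe -submit failed (exit code $LASTEXITCODE). End of the script…" -BackgroundColor Red -ForegroundColor White
    Write-Host ""
    exit
}
Write-Host ""

# A request left pending by the CA produces no .cer; treat that as a failure too.
if (Test-Path $cerFile) {
    Write-Host "Certificate file $cerFile found…" -BackgroundColor Green -ForegroundColor Black
    Write-Host ""
} else {
    Write-Host "No certificate file $cerFile found. End of the script…" -BackgroundColor Red -ForegroundColor White
    Write-Host ""
    exit
}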

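###################################
# Install Certificate
###################################
Write-Host "Installing Certificate…" -BackgroundColor Yellow -ForegroundColor Black
# -accept binds the issued certificate to the private key created by -new (machine
# store, non-exportable). Direct call instead of Invoke-Expression so $UID is passed
# as an argument rather than re-parsed as PowerShell code.
$certreq = Join-Path $env:SystemRoot 'System32\certreq.exe'
& $certreq -accept ".\$UID.cer"
if ($LASTEXITCODE -ne 0) {
    # Report rather than exit: the summary below is still useful for troubleshooting.
    Write-Host "certreq.exe -accept failed (exit code $LASTEXITCODE); the certificate was NOT installed." -BackgroundColor Red -ForegroundColor White
}
Write-Host ""

Write-Host "——————-"
Write-Host "– End of Script –"
Write-Host "——————-"
Write-Host ""
$stopscript = Get-Date
# Compute the elapsed time once instead of three times.
$elapsed = New-TimeSpan -Start $startscript -End $stopscript
Write-Host "Has started at" $startscript -BackgroundColor Gray -ForegroundColor Black
Write-Host "Had finished at" $stopscript -BackgroundColor Gray -ForegroundColor Black
Write-Host "TIME SPENT:" $elapsed.Hours "Hours" $elapsed.Minutes "Minutes" $elapsed.Seconds "Seconds" -BackgroundColor Green -ForegroundColor Black
Write-Host ""
Write-Host ""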