Install-AdcsEnrollmentWebService

Syntax

DefaultParameterSet (Default)

Install-AdcsEnrollmentWebService
    [-CAConfig <String>]
    [-ApplicationPoolIdentity]
    [-AuthenticationType <AuthenticationType>]
    [-SSLCertThumbprint <String>]
    [-RenewalOnly]
    [-AllowKeyBasedRenewal]
    [-Force]
    [-Credential <PSCredential>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

ServiceAccountParameterSet

Install-AdcsEnrollmentWebService
    -ServiceAccountName <String>
    -ServiceAccountPassword <SecureString>
    [-CAConfig <String>]
    [-AuthenticationType <AuthenticationType>]
    [-SSLCertThumbprint <String>]
    [-RenewalOnly]
    [-AllowKeyBasedRenewal]
    [-Force]
    [-Credential <PSCredential>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

Examples

Example 1: Installs the Certificate Enrollment Web Service to use the certification authority

$params = @{
    ApplicationPoolIdentity = $true
    CAConfig                = "CA1.contoso.com\contoso-CA1-CA"
    SSLCertThumbprint       = "a909502dd82ae41433e6f83886b00d4277a32a7b"
    AuthenticationType      = Certificate
}
Install-AdcsEnrollmentWebService @params

Example 2: Installs the Certificate Enrollment Web Service to use the certification authority that prompts for password

$params = @{
    CAConfig               = "APP1.corp.contoso.com\corp-APP1-CA"
    SSLCertThumbprint      = "a909502dd82ae41433e6f83886b00d4277a32a7b"
    ServiceAccountName     = "Corp\CEPAcct1"
    ServiceAccountPassword = (Read-Host "Set user password" -AsSecureString)
}
Install-AdcsEnrollmentWebService @params

Parameters

-AllowKeyBasedRenewal

Indicates that the cmdlet accepts key based renewal requests for the enrollment server, which are valid client certificates for authentication that do not directly map to a security principal.

Parameter properties

Parameter sets

-ApplicationPoolIdentity

Indicates that the cmdlet configures the Certificate Enrollment Web Service to use the application pool identity when communicating with the Certification Authority (CA). This parameter is only valid when Certificate Enrollment Web Service targets a remote CA. If not specified, the local application pool identity is used. This parameter is only valid when installing the first instance of the Certificate Enrollment Web Service. If this installation will be for an additional instance of Certificate Enrollment Web Service on this server, then this parameter should not be specified.

Parameter properties

Parameter sets

-AuthenticationType

Specifies the authentication type. The acceptable values for this parameter are:

• Certificate
• Kerberos
• UserName

Parameter properties

Parameter sets

-CAConfig

Specifies the configuration string of the CA used by the Certificate Enrollment Web Service to process enrollment requests. This parameter depends upon whether a local CA is installed. If the CA is local, then the parameter is optional and defaults to the local CA when not specified. If there is not a local CA, then the parameter is required. The input of the configuration string is <CAComputerName>\<CACommonName>. Replace the computer name of the (CA) for <CAComputerName> and replace the CA common name for <CACommonName>.

Parameter properties

Parameter sets

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Parameter sets

-Credential

Specifies the credentials for installing the Certificate Enrollment Web Service. To obtain a credential object, use the Get-Credential cmdlet. For more information, type Get-Help Get-Credential. The Certificate Enrollment Web Service must be installed on a server that is a member of an Active Directory Domain Services (AD DS) ___domain. If the Certificate Enrollment Web Service is configured to use a Standalone certification authority (CA), then an account that is a member of the local Administrators on the CA is required. If the Enrollment Web Service is installed to use an Enterprise CA, then using an account that is a member of Domain Admins group is required.

Parameter properties

Parameter sets

-Force

Forces the command to run without asking for user confirmation.

Parameter properties

Parameter sets

-RenewalOnly

Indicates that the cmdlet enables renewal only mode.

Parameter properties

Parameter sets

-ServiceAccountName

Specifies the ___domain account for use with the service. The input string should be in the form of <___domain>\<accountname>. For instance, to specify an account named WebEnroll in the Corp.contoso.com ___domain, you would type CORP\WebEnroll.

Parameter properties

Parameter sets

-ServiceAccountPassword

Specifies the password for the ___domain account used as the service account.

Parameter properties

Parameter sets

-SSLCertThumbprint

Specifies the hash or thumbprint of the Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for a web site as a string value. This parameter is optional. If used, it establishes the necessary binding with Internet Information Server (IIS) to enable support for the required SSL/TLS connectivity. If a binding already exists within IIS, specifying this parameter overwrites the existing binding. If this parameter is not specified, any existing binding is used. If no bindings exist, installation succeeds, but the service will not function until the binding is established manually.

Parameter properties

Parameter sets

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Parameter sets

CommonParameters

Inputs

String

SecureString

SwitchParameter

Microsoft.CertificateServices.Deployment.Common.AuthenticationType

PSCredential

Outputs

Microsoft.CertificateServices.Deployment.Common.CES.EnrollmentServiceResult

Notes

Related Links

• Uninstall-AdcsEnrollmentWebService
• Get-Credential