Question : Install a CA on Windows Server 2008 R2 Server Core

So I am working with the new Windows Server 2008 R2 Server Core installation options to reduce the overhead of the software. The problem that I am running into is I am trying to establish a root Certification Authority on the server, and I cannot find any resources that might give me a hint as to how to configure the CA through the command line (since its server core and I need to use that). If anyone has any information as to where I could go to get this information at the least (I have already tried Microsoft TechNet, so unless I am completely missing it, I dont need to know about tech net) that would be completely wonderful. Thank you.

Answer : Install a CA on Windows Server 2008 R2 Server Core

just got this from Microsoft product support, script is attached:


The setupca.vbs script takes care of installing all the needed packages and files using OCSetup, since servermanagercmd is not available on the core builds.
 
Automated CA installs using VB script on Windows Server 2008 and 2008R2
Starting with Windows Server 2008 the CA product team introduced a set of COM objects that can be used to control the installation of CAs. Using VBScript you can quickly automate the setup and installation of a CA.Below is a script that is being used by the product team in our testing of Certificate Services. SetupCA.vbs was designed to have all the functionality present in the setup UI but in an easy command line that can be used in automation. Most of the functionality of the script is fairly straight forward in just setting properties on the setup objects. A couple of features, like the key/cert re-use, take a bit of code to get the setting right.
Some example usages of the script:
Install Enterprise Root CA
Cscript setupca.vbs /ie /sn MyRootCA /sk 4096 /sp RSA#Microsoft Software Key Storage Provider /sa SHA256
Install Standalone Sub CA
Cscript setupca.vbs /it /sn MySubCA /sr MyParentCAMachine\MyRootCA /sk 384 /sp ECDSA_P384#Microsoft Software Key Storage Provider /sa SHA1
Uninstall CA:
Cscript setupca.vbs /uc
Install Web Pages:
Cscript setupca.vbs /iw /sr MyParentCAMachine\MyRootCA
There is also a usage that lists all the parameters if you run the script without any arguments.

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55: 56: 57: 58: 59: 60: 61: 62: 63: 64: 65: 66: 67: 68: 69: 70: 71: 72: 73: 74: 75: 76: 77: 78: 79: 80: 81: 82: 83: 84: 85: 86: 87: 88: 89: 90: 91: 92: 93: 94: 95: 96: 97: 98: 99: 100: 101: 102: 103: 104: 105: 106: 107: 108: 109: 110: 111: 112: 113: 114: 115: 116: 117: 118: 119: 120: 121: 122: 123: 124: 125: 126: 127: 128: 129: 130: 131: 132: 133: 134: 135: 136: 137: 138: 139: 140: 141: 142: 143: 144: 145: 146: 147: 148: 149: 150: 151: 152: 153: 154: 155: 156: 157: 158: 159: 160: 161: 162: 163: 164: 165: 166: 167: 168: 169: 170: 171: 172: 173: 174: 175: 176: 177: 178: 179: 180: 181: 182: 183: 184: 185: 186: 187: 188: 189: 190: 191: 192: 193: 194: 195: 196: 197: 198: 199: 200: 201: 202: 203: 204: 205: 206: 207: 208: 209: 210: 211: 212: 213: 214: 215: 216: 217: 218: 219: 220: 221: 222: 223: 224: 225: 226: 227: 228: 229: 230: 231: 232: 233: 234: 235: 236: 237: 238: 239: 240: 241: 242: 243: 244: 245: 246: 247: 248: 249: 250: 251: 252: 253: 254: 255: 256: 257: 258: 259: 260: 261: 262: 263: 264: 265: 266: 267: 268: 269: 270: 271: 272: 273: 274: 275: 276: 277: 278: 279: 280: 281: 282: 283: 284: 285: 286: 287: 288: 289: 290: 291: 292: 293: 294: 295: 296: 297: 298: 299: 300: 301: 302: 303: 304: 305: 306: 307: 308: 309: 310: 311: 312: 313: 314: 315: 316: 317: 318: 319: 320: 321: 322: 323: 324: 325: 326: 327: 328: 329: 330: 331: 332: 333: 334: 335: 336: 337: 338: 339: 340: 341: 342: 343: 344: 345: 346: 347: 348: 349: 350: 351: 352: 353: 354: 355: 356: 357: 358: 359: 360: 361: 362: 363: 364: 365: 366: 367: 368: 369: 370: 371: 372: 373: 374: 375: 376: 377: 378: 379: 380: 381: 382: 383: 384: 385: 386: 387: 388: 389: 390: 391: 392: 393: 394: 395: 396: 397: 398: 399: 400: 401: 402: 403: 404: 405: 406: 407: 408: 409: 410: 411: 412: 413: 414: 415: 416: 417: 418: 419: 420: 421: 422: 423: 424: 425: 426: 427: 428: 429: 430: 431: 432: 433: 434: 435: 436: 437: 438: 439: 440: 441: 442: 443: 444: 445: 446: 447: 448: 449: 450: 451: 452: 453: 454: 455: 456: 457: 458: 459: 460: 461: 462: 463: 464: 465: 466: 467: 468: 469: 470: 471: 472: 473: 474: 475: 476: 477: 478: 479: 480: 481: 482: 483: 484: 485: 486: 487: 488: 489: 490: 491: 492: 493: 494: 495: 496: 497: 498: 499: 500: 501: 502: 503: 504: 505: 506: 507: 508: 509: 510: 511: 512: 513: 514: 515: 516: 517: 518: 519: 520: 521: 522: 523: 524: 525: 526: 527: 528: 529: 530: 531: 532: 533: 534: 535: 536: 537: 538: 539: 540: 541: 542: 543: 544: 545: 546: 547: 548: 549: 550: 551: 552: 553: 554: 555: 556: 557: 558: 559: 560: 561: 562: 563: 564: 565: 566: 567: 568: 569: 570: 571: 572: 573: 574: 575: 576: 577: 578: 579: 580: 581: 582: 583: 584: 585: 586: 587: 588: 589: 590: 591: 592: 593: 594: 595: 596: 597: 598: 599: 600: 601: 602: 603: 604: 605: 606: 607: 608: 609: 610: 611: 612: 613: 614: 615: 616: 617: 618: 619: 620: 621: 622: 623: 624: 625: 626: 627: 628: 629: 630: 631: 632: 633: 634: 635: 636: 637: 638: 639: 640: 641: 642: 643: 644: 645: 646: 647: 648: 649: 650: 651: 652: 653: 654: 655: 656: 657: 658: 659: 660: 661: 662: 663: 664: 665: 666: 667: 668: 669: 670: 671: 672: 673: 674: 675: 676: 677: 678: 679: 680: 681: 682: 683: 684: 685: 686: 687: 688: 689: 690: 691: 692: 693: 694: 695: 696: 697: 698: 699: 700: 701: 702: 703: 704: 705: 706: 707: 708: 709: 710: 711: 712: 713: 714: 715: 716: 717: 718: 719: 720: 721: 722: 723: 724: 725: 726: 727: 728: 729: 730: 731: 732: 733: 734: 735: 736: 737: 738: 739: 740: 741: 742: 743: 744: 745: 746: 747: 748: 749: 750: 751: 752: 753: 754: 755: 756: 757: 758: 759: 760: 761: 762: 763: 764: 765: 766: 767: 768: 769: 770: 771: 772: 773: 774: 775: 776: 777: 778: 779: 780: 781: 782: 783: 784: 785: 786: 787: 788: 789: 790: 791: 792: 793: 794: 795: 796: 797: 798: 799: 800: 801: 802: 803: 804: 805: 806: 807: 808: 809: 810: 811: 812: 813: 814: 815: 816: 817: 818: 819: 820: 821: 822: 823: 824: 825: 826: 827: 828: 829: 830: 831: 832: 833: 834: 835: 836: 837: 838: 839: 840: 841: 842: 843: 844: 845: 846: 847: 848: 849: 850: 851: 852: 853: 854: 855: 856: 857: 858: 859: 860: 861: 862: 863: 864: 865: 866: 867: 868: 869: 870: 871: 872: 873: 874: 875: 876: 877: 878: 879: 880: 881: 882: 883: 884: 885: 886: 887: 888: 889: 890: 891: 892: 893: 894: 895: 896: 897: 898: 899: 900: 901: 902: 903: 904: 905: 906: 907: 908: 909: 910: 911: 912: 913: 914: 915: 916: 917: 918: 919: 920: 921: 922: 923: 924: 925: 926: 927: 928: 929: 930: 931: 932: 933: 934: 935: 936: 937: 938: 939: 940: 941: 942: 943: 944: 945: 946: 947: 948: 949: 950: 951: 952: 953: 954: 955: 956: 957: 958: 959: 960: 961: 962: 963: 964: 965:

'SetupCA.VBS 'Copyright (c) Microsoft Corporation. All rights reserved. Option Explicit '***************************************************************** 'Displays script-understood command line params ' Sub Usage() Call OutputLine(ECHOMINIMAL, "SetupCA.vbs - Certificate Services Setup Automation for Microsoft Windows Server 2008/2008 R2") Call OutputLine(ECHOMINIMAL, "") Call OutputLine(ECHOMINIMAL, "Parameters:") Call OutputLine(ECHOMINIMAL, "/SP - Specify Provider") Call OutputLine(ECHOMINIMAL, "/SK - Specify Key length") Call OutputLine(ECHOMINIMAL, "/SA - Specify Hash algorithm") Call OutputLine(ECHOMINIMAL, "/SN - Specify CA Name") Call OutputLine(ECHOMINIMAL, "/DN - Specify DN Suffix for CA cert subject") Call OutputLine(ECHOMINIMAL, "/SR - Specify Root CA (Required for subordinate CA" & Chr(39) & "s and Web service)") Call OutputLine(ECHOMINIMAL, "") Call OutputLine(ECHOMINIMAL, "/RK - Reuse Key") Call OutputLine(ECHOMINIMAL, "/RC - Reuse Cert and Key") Call OutputLine(ECHOMINIMAL, "") Call OutputLine(ECHOMINIMAL, "/interactive - Specifiy whether CA will be set to interact with desktop") Call OutputLine(ECHOMINIMAL, "") Call OutputLine(ECHOMINIMAL, "/IE - Install Enterprise Root CA Service") Call OutputLine(ECHOMINIMAL, "/IS - Install Standalone Root CA Service") Call OutputLine(ECHOMINIMAL, "/IF - Install Enterprise Subordinate CA Service") Call OutputLine(ECHOMINIMAL, "/IT - Install Standalone Subordinate CA Service") Call OutputLine(ECHOMINIMAL, "/IW - Install web CA Service - works with any of the above or by itself") Call OutputLine(ECHOMINIMAL, " This option is not relevant for server core machines") Call OutputLine(ECHOMINIMAL, "") Call OutputLine(ECHOMINIMAL, "/UC - Uninstall CA Service") Call OutputLine(ECHOMINIMAL, "") Call OutputLine(ECHOMINIMAL, "/? - Display this usage") Call OutputLine(ECHOMINIMAL, "") End Sub ' Usage '***************************************************************** 'Define external constant values ' ' CA Role Const ENTERPRISE_ROOTCA = 0 Const ENTERPRISE_SUBCA = 1 Const STANDALONE_ROOTCA = 3 Const STANDALONE_SUBCA = 4 Const NO_INSTALL_CA = - 1 Const UNINSTALL_CA = 8 'FileSystemObject defines Const FILE_FLAG_READ = 1 Const FILE_FLAG_WRITE = 2 Const FILE_FLAG_APPEND = 8 'Logging level Const ECHOMINIMAL = 1 'Error codes to handle: Const RPC_UNAVAILABLE = - 2147023174 '0x800706BA Const DOMAIN_UNAVAILABLE = - 2147023541 '0x8007054B Const REG_VALUE_NOT_FOUND = - 2147024894 '0x80070002 Const IMAGE_TAMPERED = - 2147024319 '0x80070241 Const VALUE_OUT_OF_RANGE = - 2147016574 '0x80072082 Const ROOT_CA_NOT_FOUND = 462 'Properties that can be set: Const SETUPPROP_INVALID = - 1 Const SETUPPROP_CATYPE = 0 Const SETUPPROP_CAKEYINFORMATION = 1 Const SETUPPROP_INTERACTIVE = 2 Const SETUPPROP_CANAME = 3 Const SETUPPROP_CADSSUFFIX = 4 Const SETUPPROP_VALIDITYPERIOD = 5 Const SETUPPROP_VALIDITYPERIODUNIT = 6 Const SETUPPROP_EXPIRATIONDATE = 7 Const SETUPPROP_PRESERVEDATABASE = 8 Const SETUPPROP_DATABASEDIRECTORY = 9 Const SETUPPROP_LOGDIRECTORY = 10 Const SETUPPROP_SHAREDFOLDER = 11 Const SETUPPROP_PARENTCAMACHINE = 12 Const SETUPPROP_PARENTCANAME = 13 Const SETUPPROP_REQUESTFILE = 14 Const SETUPPROP_WEBCAMACHINE = 15 Const SETUPPROP_WEBCANAME = 16 '***************************************************************** 'Define constants and defaults ' Const CONST_ERROR = 0 Const CONST_WSCRIPT = 1 Const CONST_CSCRIPT = 2 Const CONST_SHOW_USAGE = 3 Const CONST_PROCEED = 4 Const DEFCANAME = "" Const DEFDNSUFFIX = "" Const DEFROOTCANAME = "" Const DEF_SEL_KEY_SIZE = "2048" Const DEF_SEL_HASH_ALG = "SHA1" Const DEF_INSTALL_WEB_OPTION = False Const DEF_INSTALL_SVC_OPTION = True Const DEF_LOG_FILENAME = "_SetupCA.log" Const DEF_INTERACTIVE = False 'example Capi1 Provider: "Microsoft Strong Cryptographic Provider" 'example RSA CNG provider: "RSA#MicrosoftKSP" 'example ECC 256 provider: "ECDSA_P256#Microsoft Software Key Storage Provider" 'example ECC 384 provider: "ECDSA_P384#Microsoft Software Key Storage Provider" 'example ECC 521 provider: "ECDSA_P521#Microsoft Software Key Storage Provider" Const DEF_SEL_PROVIDER = "RSA#Microsoft Software Key Storage Provider" 'Cert Server Role Dim eCARole eCARole = NO_INSTALL_CA 'Root CA's name (if this is a subordinate) Dim strRootCAName strRootCAName = DEFROOTCANAME 'This CA's name Dim strCAName Dim strDNSuffix strCAName = DEFCANAME strDNSuffix = DEFDNSUFFIX 'Crypto provider to be used to sign certs this CA Issues Dim strSelectedCSP strSelectedCSP = "" ' DEF_SEL_PROVIDER 'Hash algorithm to be used to sign certs this CA Issues Dim strSelectedHashAlg strSelectedHashAlg = "" ' DEF_SEL_HASH_ALG 'Signing key length Dim iSelectedKeySize iSelectedKeySize = "" ' DEF_SEL_KEY_SIZE 'Key/Cert Re-use flags Dim bReuseKey Dim bReuseCert Dim bReuseDB bReuseKey = False bReuseCert = False bReuseDB = False 'Interactive Flag Dim bInteractive bInteractive = DEF_INTERACTIVE 'Default to install or uninstall Dim bInstall bInstall = True 'Install the Web interface Dim bWebPages bWebPages = DEF_INSTALL_WEB_OPTION ' Install the Cert Server service. Dim bInstallService bInstallService = DEF_INSTALL_SVC_OPTION 'Log file Dim OutputFile Dim OutputFile2 'Needs to differentiate which package needs to be installed Dim PKGCA Dim PKGIIS Dim PKGWEB PKGCA = True PKGIIS = True PKGWEB = True 'Set if installing on core build Dim bIsCore bIsCore = False 'For the 'retry once' implementation Dim bRecursed bRecursed = False 'Begin script logic 'Ensure the output won't become hundreds of popup windows Call VerifyStandardStreams() 'Set up Local logging Set OutputFile = CreateLogFile(DEF_LOG_FILENAME) Dim g_oCASetup 'Start the script Call Main() '******************************************************************** '* '* Sub InstallPackages() '* '* Purpose: Install all required packagemanager packages '* '********************************************************************' Sub InstallPackages(Install) 'Get shell object to determine system drive value Dim WshShell Set WshShell = WScript.CreateObject("WScript.Shell") If (Install = True) Then If (PKGCA = True) Then Call OutputLine(ECHOMINIMAL, "Installing CA Packages, this will take several minutes...") Call WshShell.Run ("cmd /c servermanagercmd -install ADCS-Cert-Authority -resultPath installResult.xml", 0 , True) End If If (PKGWEB = True) Then Call OutputLine(ECHOMINIMAL, "Installing Web Page Packages, this will take several minutes...") Call WshShell.Run ("cmd /c servermanagercmd -install ADCS-Web-Enrollment -resultPath installResult.xml", 0 , True) End If Else If (PKGWEB = True) Then Call OutputLine(ECHOMINIMAL, "Removing Web Page Packages, this will take several minutes...") Call WshShell.Run ("cmd /c servermanagercmd -remove ADCS-Web-Enrollment -resultPath installResult.xml", 0 , True) End If If (PKGCA = True) Then Call OutputLine(ECHOMINIMAL, "Removing CA Packages, this will take several minutes...") Call WshShell.Run ("cmd /c servermanagercmd -remove ADCS-Cert-Authority -resultPath installResult.xml", 0 , True) End If End If Call OutputLine(ECHOMINIMAL, "Installing Packages, this will take several minutes...") Set WShShell = Nothing End Sub 'InstallPackage '******************************************************************** '* '* Sub Main() '* '* Purpose: Executes the main script logic '* Input: '* '* Output: '* '******************************************************************** Sub Main () Dim intOpMode 'Parse the command line intOpMode = intParseCmdLine() Select Case intOpMode Case CONST_SHOW_USAGE Call Usage() Exit Sub Case CONST_PROCEED 'Do Nothing Case CONST_ERROR Call OutputLine(ECHOMINIMAL,"Error occurred in passing parameters.") Exit Sub Case Else 'Default -- should never happen Call OutputLine(ECHOMINIMAL,"Error occurred in passing parameters.") Exit Sub End Select 'Check if certocm.dll is present, if not we are most likely running on core and need 'to use ocsetup to install CA package to get certocm.dll Dim FSO Set FSO = CreateObject("Scripting.FileSystemObject") Dim WshShell Dim envVars Dim strWinDir Set WshShell = WScript.CreateObject("WScript.Shell") Set envVars = WshShell.Environment("process") strWinDir = envVars("windir") wscript.echo "Checking if certocm.dll is present..." If Not FSO.FileExists(strWinDir + "\system32\certocm.dll") Then bisCore = True wscript.echo "Certocm.dll is not present installing CA package..." Call WshShell.Run ("cmd /c start /w ocsetup CertificateServices /norestart /quiet", 0 , True) wscript.echo "CA package installed..." Else wscript.echo "Certocm.dll is present not installing CA package" End If Set WshShell = Nothing Set envVars = Nothing Set g_oCASetup = CreateObject("certocm.CertSrvSetup") 'Install Packages Call OutputLine(ECHOMINIMAL,"Proceeding to update packages ...") Call InstallPackages(bInstall) If (eCARole <> NO_INSTALL_CA) And (eCARole <> UNINSTALL_CA) Then Call OutputLine(ECHOMINIMAL, "Main: Info collection complete. Starting install phase..." ) ' got the info we needed, now install.. Call OutputFile.WriteLine("Main: Installing...") If (True = InstallAndVerifyCA(eCARole, bInstallService, bWebPages)) Then Call OutputFile.WriteLine("Main: Install complete! Passed") Else Call OutputFile.WriteLine("Main: Install complete! Failed") Call WScript.Quit (1) End If 'Installed without errors Else If (eCARole = UNINSTALL_CA) Then If (bWebPages = False) And (bInstallService = True) Then Call OutputLine(ECHOMINIMAL, "Main: Uninstalling Web pages only...") 'Uninstall web pages only Call UninstallCA(True) Call OutputLine(ECHOMINIMAL, "Main: web pages Uninstalled!") Else Call OutputLine(ECHOMINIMAL, "Main: Uninstalling CA...") 'Uninstall web pages only Call UninstallCA(False) Call OutputLine(ECHOMINIMAL, "Main: Uninstalled!") End If End If End If ' Clean Up Call OutputFile.Close() End Sub 'Main '******************************************************************** '* '* Sub VerifyStandardStreams() '* '* Purpose: verify CScript.exe was used to launch this script. '* '******************************************************************** Sub VerifyStandardStreams() On Error Resume Next 'Attempt to write to the error stream Call WScript.StdOut.WriteLine() 'If couldn't display the error because cscript wasn't used, If (Err.Number <> 0) Then 'Report problem Call WScript.Echo("Please run this script from cscript.") 'Exit the script Call WScript.Quit (1) End If On Error Goto 0 End Sub 'VerifyStandardStreams '******************************************************************** '* '* Sub OutputLine() '* '* Purpose: Control the debug output at one location '* '* Input: Level compare to verbosity - if lower, don't display '* string String to output. '* '******************************************************************** Sub OutputLine(ByVal level, ByVal String) Call OutputFile.WriteLine(String) WScript.StdOut.WriteLine String End Sub ' OutputLine '******************************************************************** '* '* Sub PrintErrorInfo() '* '* Purpose: Control the debug output at one location '* '* Input: Message Message to log '* Err Error obejct to get info from '* '******************************************************************** Sub PrintErrorInfo(ByVal Message, ByVal oErr) Call OutputLine(ECHOMINIMAL, Message) Call OutputLine(ECHOMINIMAL, "Error Info: " & oErr.Number & ": " & oErr.Description) Call OutputLine(ECHOMINIMAL, "Error Source: " & oErr.Source) End Sub ' OutputLine '******************************************************************** '* '* Function intParseCmdLine() '* '* Purpose: Parses the command line. '* '* Input: none '* '* Output: none '* '******************************************************************** Function intParseCmdLine() On Error Resume Next Dim strFlag Dim intState Dim ArgTemp Dim intArgIter Dim objFileSystem If Wscript.Arguments.Count > 0 Then Call OutputFile.WriteLine("parsing arguments: ") For Each ArgTemp in WScript.Arguments If (InStr(ArgTemp," ") > 0) Then Call OutputFile.Write(Chr(34) & ArgTemp & Chr(34) & " ") Else Call OutputFile.Write(ArgTemp & " ") End If Next ' ArgTemp Call OutputFile.WriteLine strFlag = Wscript.arguments.Item(0) End If 'No arguments have been received If IsEmpty(strFlag) Then intParseCmdLine = CONST_SHOW_USAGE Exit Function ' intParseCmdLine End If 'Check if the user is asking for help or is just confused If (strFlag = "help") Or (strFlag = "/h") Or (strFlag = "\h") Or (strFlag = "-h") _ Or (strFlag = "\?") Or (strFlag = "/?") Or (strFlag = "?") _ Or (strFlag = "h") Then intParseCmdLine = CONST_SHOW_USAGE Exit Function ' intParseCmdLine End If 'Retrieve the command line and set appropriate variables intArgIter = 0 Do While intArgIter <= Wscript.arguments.Count - 1 Select Case Left(LCase(Wscript.arguments.Item(intArgIter)),4) Case "/int" bInteractive = True intArgIter = intArgIter + 1 Case "/sp" If Not blnGetArg("Crypto Provider", strSelectedCSP, intArgIter) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intArgIter = intArgIter + 1 Case "/sk" If Not blnGetArg("Key length", iSelectedKeySize, intArgIter) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intArgIter = intArgIter + 1 Case "/sa" If Not blnGetArg("Hash algorithm",strSelectedHashAlg, intArgIter) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intArgIter = intArgIter + 1 Case "/sn" If Not blnGetArg("CA Name", strCAName, intArgIter) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intArgIter = intArgIter + 1 Case "/dn" If Not blnGetArg("DN Suffix", strDNSuffix, intArgIter) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intArgIter = intArgIter + 1 Case "/sr" If Not blnGetArg("Root CA", strRootCAName, intArgIter) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intArgIter = intArgIter + 1 Case "/iw" If bIsCore = False Then bWebPages = True End If intArgIter = intArgIter + 1 Case "/ie" If (eCARole <> NO_INSTALL_CA) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intParseCmdLine = CONST_PROCEED bInstallService = True eCARole = ENTERPRISE_ROOTCA intArgIter = intArgIter + 1 Case "/is" If (eCARole <> NO_INSTALL_CA) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intParseCmdLine = CONST_PROCEED bInstallService = True eCARole = STANDALONE_ROOTCA intArgIter = intArgIter + 1 Case "/if" If (eCARole <> NO_INSTALL_CA) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intParseCmdLine = CONST_PROCEED bInstallService = True eCARole = ENTERPRISE_SUBCA intArgIter = intArgIter + 1 Case "/it" If (eCARole <> NO_INSTALL_CA) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If intParseCmdLine = CONST_PROCEED bInstallService = True eCARole = STANDALONE_SUBCA intArgIter = intArgIter + 1 Case "/uc" If (eCARole <> NO_INSTALL_CA) And (eCARole <> UNINSTALL_CA) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If bInstallService = False bWebPages = False bInstall = False eCARole = UNINSTALL_CA intParseCmdLine = CONST_PROCEED intArgIter = intArgIter + 1 Case "/uw" If (eCARole <> NO_INSTALL_CA) And (eCARole <> UNINSTALL_CA) Then intParseCmdLine = CONST_ERROR Exit Function ' intParseCmdLine End If bWebPages = False bInstall = False eCARole = UNINSTALL_CA intParseCmdLine = CONST_PROCEED intArgIter = intArgIter + 1 Case "/rk" bReuseKey = True intArgIter = intArgIter + 1 Case "/rc" bReuseCert = True intArgIter = intArgIter + 1 Case "/rcd" bReuseCert = True bReuseDB = True intArgIter = intArgIter + 1 'Depricated switches kept to prevent automation from failing Case "/sl" intArgIter = intArgIter + 2 Case "/sc" intArgIter = intArgIter + 2 Case "/si" intArgIter = intArgIter + 2 Case Else 'We shouldn't get here Call OutputLine(ECHOMINIMAL, "Invalid or misplaced parameter: " & Wscript.arguments.Item(intArgIter)) Call OutputLine(ECHOMINIMAL, "Please check the input and try again") Call OutputLine(ECHOMINIMAL, "or invoke with " & Chr(39) & "/?" & Chr(39) & " for help with the syntax.") Wscript.Quit End Select Loop '** intArgIter <= Wscript.arguments.Count - 1 intParseCmdLine = CONST_PROCEED End Function '******************************************************************** '* '* Function blnGetArg() '* '* Purpose: Helper to intParseCmdLine() '* '* Usage: '* '* Case "/s" '* blnGetArg ("server name", strServer, intArgIter) '* '******************************************************************** Private Function blnGetArg (ByVal StrVarName, _ ByRef strVar, _ ByRef intArgIter) blnGetArg = False 'failure, changed to True upon successful completion Err.Clear If Len(Wscript.Arguments(intArgIter)) > 3 Then If Mid(Wscript.Arguments(intArgIter),4,1) = ":" Then If Len(Wscript.Arguments(intArgIter)) > 4 Then strVar = Right(Wscript.Arguments(intArgIter), _ Len(Wscript.Arguments(intArgIter)) - 4) blnGetArg = True Exit Function Else intArgIter = intArgIter + 1 If intArgIter > (Wscript.Arguments.Count - 1) Then Call OutputLine(ECHOMINIMAL, "Parameter Missing: " & StrVarName & ".") Call OutputLine(ECHOMINIMAL, "Invalid " & StrVarName & ".") Call OutputLine(ECHOMINIMAL, "Please check the input and try again.") Exit Function End If strVar = Wscript.Arguments.Item(intArgIter) If Err.Number Then Call OutputLine(ECHOMINIMAL, "Error: " & Err.Number & ": " & Err.Description & ".") Call OutputLine(ECHOMINIMAL, "Invalid " & StrVarName & ".") Call OutputLine(ECHOMINIMAL, "Please check the input and try again.") Exit Function End If If InStr(strVar, "/") Then Call OutputLine(ECHOMINIMAL, "Invalid " & StrVarName) Call OutputLine(ECHOMINIMAL, "Invalid Parameter was:" & StrVar) Call OutputLine(ECHOMINIMAL, "Please check the input and try again.") Exit Function End If blnGetArg = True 'success End If Else strVar = Right(Wscript.Arguments(intArgIter), _ Len(Wscript.Arguments(intArgIter)) - 4) blnGetArg = True 'success Exit Function End If Else intArgIter = intArgIter + 1 If intArgIter > (Wscript.Arguments.Count - 1) Then Call OutputLine(ECHOMINIMAL, "Parameter Missing: " & StrVarName & ".") Call OutputLine(ECHOMINIMAL, "Invalid " & StrVarName & ".") Call OutputLine(ECHOMINIMAL, "Please check the input and try again.") Exit Function End If strVar = Wscript.Arguments.Item(intArgIter) If Err.Number Then Call OutputLine(ECHOMINIMAL, "Error: " & Err.Number & ": " & Err.Description & ".") Call OutputLine(ECHOMINIMAL, "Invalid " & StrVarName & ".") Call OutputLine(ECHOMINIMAL, "Please check the input and try again.") Exit Function End If If InStr(strVar, "/") Then Call OutputLine(ECHOMINIMAL, "Invalid " & StrVarName) Call OutputLine(ECHOMINIMAL, "Invalid Parameter was:" & StrVar) Call OutputLine(ECHOMINIMAL, "Please check the input and try again.") Exit Function End If blnGetArg = True 'success End If End Function '******************************************************************** '* '* Function CreateLogFile() '* '* Purpose: Creates the local log file of all of the script output '* '* Input: strLogFileName '* '******************************************************************** Function CreateLogFile(ByVal strLogFileName) Dim FileSystem Set FileSystem = CreateObject("Scripting.FileSystemObject") 'Get the actual path Dim strFileName strFileName = FileSystem.GetAbsolutePathName(strLogFileName) Call WScript.StdOut.WriteLine ("Log file = " & strFileName) On Error Resume Next ' just append to If FileSystem.FileExists(strFileName) Then 'Open Existing log Set CreateLogFile = FileSystem.OpenTextFile(strFileName, FILE_FLAG_APPEND, True) Else 'Open new log Set CreateLogFile = FileSystem.CreateTextFile(strFileName, True) End If Set FileSystem = Nothing If Err.Number <> 0 Then Call WScript.StdErr.WriteLine ("Error creating the log file " & strFileName) Call WScript.StdErr.WriteLine ("Error " & Err.Number & " - " & Err.Description) Call WScript.Quit (1) End If On Error Goto 0 End Function ' CreateLogFile '******************************************************************** '* '* Function SetProvider() '* '* Purpose: '* '* Input: ProviderString '* HashAlg '* KeyLen '* '******************************************************************** Function SetProvider(ByRef oCASetup, ByVal ProviderString, ByVal HashAlg, ByVal KeyLen) Call OutputLine(ECHOMINIMAL, _ "SetProvider called with " & _ Chr(34) & ProviderString & Chr(34) & ", " & _ Chr(34) & HashAlg & Chr(34) & ", " & _ Chr(34) & KeyLen & Chr(34)) 'Declare variable to store KeyInfo object Dim oCAKeyInfo Dim retVal retVal = False Call OutputLine(ECHOMINIMAL, "SetProvider: Creating oCAKeyInfo by calling oCASetup.GetCASetupProperty(SETUPPROP_CAKEYINFORMATION )") ' Create CA KeyInfo object Set oCAKeyInfo = oCASetup.GetCASetupProperty(SETUPPROP_CAKEYINFORMATION) If ("" <> ProviderString) Then Call OutputLine(ECHOMINIMAL, "SetProvider: Changing oCAKeyInfo.ProviderName to " & ProviderString) oCAKeyInfo.ProviderName = ProviderString End If ' only modify key length if it was specified If ("" <> KeyLen) Then Call OutputLine(ECHOMINIMAL, "SetProvider: Changing oCAKeyInfo.Length to " & KeyLen) oCAKeyInfo.Length = KeyLen End If ' Only modify hash algorithm if it was specified If ("" <> HashAlg) Then Call OutputLine(ECHOMINIMAL, "SetProvider: Changing oCAKeyInfo.HashAlgorithm to " & HashAlg) oCAKeyInfo.HashAlgorithm = HashAlg End If Call OutputLine(ECHOMINIMAL, "SetProvider: Calling oCASetup.SetCASetupProperty(SETUPPROP_CAKEYINFORMATION, oCAKeyInfo) ") On Error Resume Next Call Err.Clear() ' Set the keyInfo property Call oCASetup.SetCASetupProperty(SETUPPROP_CAKEYINFORMATION, oCAKeyInfo) If (Err.Number <> 0) Then Call OutputLine(ECHOMINIMAL, "SetProvider1: Error " & Err.Number & ": " & Err.Description) Call OutputLine(ECHOMINIMAL, "Error Source: " & Err.Source) 'Exit the script Call WScript.Quit (1) End If ' error occurred SetProvider = True End Function 'SetProvider '******************************************************************** '* '* Function InstallAndVerifyCA() '* '* Purpose: runs setup on CA object with specified params '* '* Input: CAType '* CAService '* WebPages '* '********************************************************************' Function InstallAndVerifyCA(ByVal CAType, ByVal CAService, ByVal WebPages) Dim LocalCAConfig Dim CADBPath ' Default to failed InstallAndVerifyCA = False On Error Resume Next Call Err.Clear() Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: InitializeDefaults") Call OutputLine(ECHOMINIMAL, "CAService: " & CAService) Call OutputLine(ECHOMINIMAL, "WebPages: " & WebPages) Err.Number = 0 ' Call this function with an error handling wrapper, or vbscript equivalent.. Call g_oCASetup.InitializeDefaults(CAService, WebPages) If (0 <> Err.Number) Then If (5 = Err.Number) Then ' uninstall If(bRecursed = False) Then bRecursed = True Call UninstallCA(False) InstallAndVerifyCA = InstallAndVerifyCA( CAType, CAService, WebPages) Exit Function End If End If 'error is already installed Call PrintErrorInfo("CA Already install and cannot uninstall", Err) Call OutputLine(ECHOMINIMAL, "") Exit Function 'InstallAndVerifyCA End If 'error occurred 'Specify CA role Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: SetCASetupProperty - CAType = " & CAType) Call g_oCASetup.SetCASetupProperty(SETUPPROP_CATYPE, CAType) If (0 <> Err.Number) And (VALUE_OUT_OF_RANGE <> Err.Number) Then Call PrintErrorInfo("InstallAndVerifyCA3:unable to set SETUPPROP_CATYPE!", Err) Exit Function 'InstallAndVerifyCA End If 'not a domain admin and error occurred If (VALUE_OUT_OF_RANGE = Err.Number) Then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: Error! Must be a domain administrator to create Enterprise CA") Exit Function 'InstallAndVerifyCA End If ' not a domain admin Call Err.Clear() if (bInteractive <> FALSE) then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: SetCASetupProperty - Interactive = " & bInteractive) Call g_oCASetup.SetCASetupProperty(SETUPPROP_INTERACTIVE, bInteractive) If (0 <> Err.Number) Then Call PrintErrorInfo("InstallAndVerifyCA:unable to set Interactive!", Err) Call OutputLine(ECHOMINIMAL, "") Exit Function 'InstallAndVerifyCA End If end if If (False <> bReuseKey) Or (False <> bReuseCert) Then If (False = SetupKeyReuse(bReuseKey, bReuseCert, strCAName)) Then Call PrintErrorInfo("InstallAndVerifyCA: SetupKeyReuse failed.", Err) Exit Function End If Else If "" <> strCAName then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: SetCADistinguishedName") 'CAName, ignore UTF8, overwrite existing key, overwrite CA in DS Dim strCAFullDN strCAFullDN = "CN=" & strCAName If "" <> strDNSuffix then strCAFullDN = strCAFullDN & "," & strDNSuffix Call g_oCASetup.SetCADistinguishedName(strCAFullDN, True, True, True) 'Display errors If (g_oCASetup.CAErrorId <> 0) Then Call PrintErrorInfo("InstallAndVerifyCA:SetCADistinguishedName failed. ", Err) End If End If End If Call Err.Clear() If (CAType <> ENTERPRISE_ROOTCA) And (CAType <> STANDALONE_ROOTCA) And (bReuseCert <> True) Then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: SetParentCAInformation") 'Set parent CA information if it is a subordinate Call g_oCASetup.SetParentCAInformation(strRootCAName) If (0 <> Err.Number) And (ROOT_CA_NOT_FOUND <> Err.Number) Then Call PrintErrorInfo("InstallAndVerifyCA:unable to set ParentCAInformation!", Err) Call OutputLine(ECHOMINIMAL, "") Exit Function 'InstallAndVerifyCA End If ' root ca not found If (ROOT_CA_NOT_FOUND = Err.Number) Then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: Root CA (to Subordinate to) could not be found!") Exit Function 'InstallAndVerifyCA End If ' root ca not found End If ' not root Call Err.Clear() If (True = WebPages) And (CAType = NO_INSTALL_CA) Then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: SetWebCAInformation") 'Set web CA information if it is a web pages Call g_oCASetup.SetWebCAInformation(strCAName) If (0 <> Err.Number) Then If ( REG_VALUE_NOT_FOUND <> Err.Number) Then Call PrintErrorInfo("InstallAndVerifyCA:unable to set SetWebCAInformation!", Err) Call OutputLine(ECHOMINIMAL, "") Else Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: install failed, registry key not present!") End If Exit Function 'InstallAndVerifyCA End If ' error End If ' web pages should be installed Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: Setting Key Properties") Call Err.Clear() Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: calling SetProvider") 'Dim KeyLenVar 'KeyLenVar = ProviderKeyLength(strSelectedCSP) 'If ("" <> KeyLenVar) Then ' iSelectedKeySize = KeyLenVar 'End If Call Err.Clear() If (bReuseCert = False) Then Dim bProviderSet bProviderSet = SetProvider(g_oCASetup, strSelectedCSP, strSelectedHashAlg, iSelectedKeySize) If (False = bProviderSet) Then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA:unable to set key properties!") Exit Function 'InstallAndVerifyCA End If 'error occurred End If Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: BeforeInstall!") Call g_oCASetup.Install() If (0 <> Err.Number) Then If ( REG_VALUE_NOT_FOUND <> Err.Number) Then Call PrintErrorInfo("InstallAndVerifyCA:Install failed!", Err) Call OutputLine(ECHOMINIMAL, "") Else Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: install failed, registry key not present!") Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: " & Err.Number & ": " & Err.Description) End If Exit Function 'InstallAndVerifyCA End If 'error occurred Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: AfterInstall!") On Error GoTo 0 Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: calling GetLocalCAConfig") LocalCAConfig = GetLocalCAConfig() If (LocalCAConfig = "") Then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: CA Reg entry not present!") Exit Function 'InstallAndVerifyCA End If ' getlocalcaconfig failed WScript.Sleep 30000 If (CAService = True) Then If (0 <> PingCA(LocalCAConfig)) Then Call OutputLine(ECHOMINIMAL, "InstallAndVerifyCA: Service not started!") Exit Function 'InstallAndVerifyCA End If ' can't ping service End If ' ca set to install as a service InstallAndVerifyCA = True End Function 'InstallAndVerifyCA '******************************************************************** '* '* Function UninstallCA() '* '* Purpose: Uninstalls all of the CA server components or optionally just the pages '* '* Input: '* '********************************************************************' Function UninstallCA(ByVal WebPagesOnly) Dim LocalCAConfig Call OutputLine(ECHOMINIMAL, "UninstallCA: calling GetLocalCAConfig") ' See where the server is at currently LocalCAConfig = GetLocalCAConfig() If ("" = LocalCAConfig) Then Call OutputLine(ECHOMINIMAL, "UninstallCA: CA not installed!") UninstallCA = True Exit Function 'UninstallCA End If ' getlocalcaconfig failed Call OutputLine(ECHOMINIMAL, "UninstallCA: calling .PreUninstall") ' Clean up the web pages On Error Resume Next Call g_oCASetup.PreUninstall(WebPagesOnly) If Err.Number <> 0 Then Call PrintErrorInfo("UninstallCA: ", Err) End If Call OutputLine(ECHOMINIMAL, "UninstallCA: calling .PostUninstall") Call g_oCASetup.PostUninstall() Call OutputLine(ECHOMINIMAL, "UninstallCA: calling .GetLocalCAConfig") ' Check registry to see if CA is still installed LocalCAConfig = GetLocalCAConfig() If ("" = LocalCAConfig) Then 'Not installed! Call OutputLine(ECHOMINIMAL, "UninstallCA: Uninstall completed Successfully!") UninstallCA = True Exit Function 'UninstallCA End If 'getlocalcaconfig failed Call OutputLine(ECHOMINIMAL, "UninstallCA: calling PingCA") ' If the registry is still there, it might just be slow. ' Try pinging the CA If (0 <> PingCA("")) Then UninstallCA = True Exit Function 'UninstallCA End If ' can't ping service ' Default to error UninstallCA = False End Function 'UninstallCA '******************************************************************** '* '* Function GetLocalCAConfig() '* '* Purpose: Determine role of CA if installed '* '* Input: '* '********************************************************************' Function GetLocalCAConfig() Dim WshShell Dim ActiveConfig Dim CAName Dim CAServer On Error Resume Next Set WshShell = WScript.CreateObject("WScript.Shell") ActiveConfig = WshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\Active") If (Err.Number <> 0) Then If (REG_VALUE_NOT_FOUND <> Err.Number) Then GetLocalCAConfig = "" Call PrintErrorInfo("GetLocalCAConfig: ", Err) Exit Function 'GetLocalCAConfig Else ' reg value not found GetLocalCAConfig = "" Call OutputLine(ECHOMINIMAL, "GetLocalCAConfig: CA Not Installed!") Call OutputLine(ECHOMINIMAL, "") Exit Function 'GetLocalCAConfig End If ' reg value found End If ' error occurred Call OutputLine(ECHOMINIMAL," Reading HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\" & ActiveConfig & "\CommonName") CAName = WshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\" & ActiveConfig & "\CommonName") Call OutputLine(ECHOMINIMAL, "CAName: " & CAName) Call OutputLine(ECHOMINIMAL," Reading HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\" & ActiveConfig & "\CAServerName") CAServer = WshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\" & ActiveConfig & "\CAServerName") Call OutputLine(ECHOMINIMAL, "CAServer: " & CAServer) ' Cleanup Set WShShell = Nothing 'Set Return value GetLocalCAConfig = CAServer & "\" & CAName End Function 'GetLocalCAConfig '******************************************************************** '* '* Function PingCA() '* '* Purpose: use CertUtil to ping the CA '* '* Input: '* '********************************************************************' Function PingCA(ByVal CAConfig) Dim WshShell Dim command Dim RunRet Set WshShell = WScript.CreateObject("WScript.Shell") If ("" <> CAConfig) Then command = "certutil -config " & CAConfig & " -ping" Else 'caconfig param null command = "certutil -ping" End If ' caconfig param passed RunRet = WshShell.Run(command, 1, False) Set WShShell = Nothing PingCA = RunRet End Function ' PingCA '******************************************************************** '* '* Function SetUpKeyReuse() '* '* Purpose: use CertUtil to ping the CA '* '* Input: '* '********************************************************************' Function SetUpKeyReuse(ByVal bReuseKey, ByVal bReuseCert, ByVal KeyName) Dim oCAKeyInfo Dim oExistingCerts Dim CertInfo On Error Resume Next Set oCAKeyInfo = g_oCASetup.GetCASetupProperty(SETUPPROP_CAKEYINFORMATION) Set oExistingCerts = g_oCASetup.GetExistingCACertificates() Call OutputLine(ECHOMINIMAL,"Searching Existing Machine Keys") For Each CertInfo in oExistingCerts wscript.echo "Existing Cert: " & certinfo.ContainerName If (KeyName = certinfo.ContainerName) Then wscript.echo "Found cert!" oCAKeyInfo.Existing = True If (Err.Number <> 0) Then Call PrintErrorInfo("SetUpKeyReuse: oCAKeyInfo.Existing", Err) oCAKeyInfo.ContainerName = CertInfo.ContainerName If (Err.Number <> 0) Then Call PrintErrorInfo("SetUpKeyReuse: oCAKeyInfo.ContainerName", Err) oCAKeyInfo.HashAlgorithm = CertInfo.HashAlgorithm If (Err.Number <> 0) Then Call PrintErrorInfo("SetUpKeyReuse: oCAKeyInfo.HashAlgorithm", Err) oCAKeyInfo.Length = CertInfo.Length If (Err.Number <> 0) Then Call PrintErrorInfo("SetUpKeyReuse: oCAKeyInfo.Length", Err) oCAKeyInfo.ProviderName = CertInfo.ProviderName If (Err.Number <> 0) Then Call PrintErrorInfo("SetUpKeyReuse: oCAKeyInfo.ProviderName", Err) If (bReuseCert = True) Then oCAKeyInfo.ExistingCACertificate = CertInfo.ExistingCACertificate If (Err.Number <> 0) Then Call PrintErrorInfo("SetUpKeyReuse: oCAKeyInfo.ExistingCACertificate", Err) End If Call g_oCASetup.SetCASetupProperty(SETUPPROP_CAKEYINFORMATION, oCAKeyInfo) If (Err.Number <> 0) Then Call PrintErrorInfo("SetUpKeyReuse: g_oCASetup.SetCASetupProperty(1, oCAKeyInfo)", Err) wscript.echo g_oCASetup.GetCASetupProperty(SETUPPROP_CANAME) wscript.echo g_oCASetup.GetCASetupProperty(SETUPPROP_CADSSUFFIX) End If Next SetupKeyReuse = True End Function ' SetKeyReuse

Open in New Window

Select All