powershell - 提交 CSR 并使用 Get-Certificate 获取新证书

问题描述

我正在尝试使用以下方法从证书服务器获取新证书：

    $user = "MYDOMAIN\Administrator"
    $pw = ConvertTo-SecureString "mypw" -AsPlainText -Force
    $credential = New-Object -typename System.Management.Automation.PSCredential -ArgumentList $user,$pw
    Get-Certificate -url https://cs.mytest.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP -DnsName $Env:COMPUTERNAME -CertStoreLocation cert:\LocalMachine\My -Template WorkstationTemplate -Verbose -Credential $credential 

但是我回来了：

VERBOSE: Performing the operation "Get-Certificate" on target "https://cs.mytest.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP".
Get-Certificate : CertEnroll::CX509CertificateTemplates::get_ItemByName: Cannot find object or property. 0x80092004 (-2146885628 CRYPT_E_NOT_FOUND)
At line:4 char:1
+ Get-Certificate -url https://cs.mytest.com/ADPolicyProvi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-Certificate], Exception
    + FullyQualifiedErrorId : System.Exception,Microsoft.CertificateServices.Commands.GetCertificateCommand

我在与测试 CS 相同的机器上执行命令，以确保没有网络问题，并且我以域管理员身份登录。证书服务器在 Server 2016 上作为独立 CA 运行。

我错过了什么？它在抱怨哪个对象？

标签： powershellwindows-serverpki