1

I'm automating a process and have that constraint that I can only use Windows Server (2012 is the base, but I'm not sure if a 2008 will show up somewhere) native tools. I need to get a key pair (certificate.pem and certificate_key.pem) and transform it into a PFX bundle to use with IIS. I know I can use certutil -MergePFX input_certificate output_certificate but it depends on user interaction. I attempted to use certutil -p '' -MergePFX [...] but it didn't work, certutil throws a couple errors about the number of parameters being wrong. There's a way to run it without interactivity? Am I missing other Windows native tools that can do the same?

The machine issuing commands is running python + pyWinRM, the scripts being sent to remote execution are all powershell.

Tonon
  • 11
  • 3

1 Answers1

0

You are using a Windows executable file with Python, thus this is not a PowerShell question, even if you are running this in a PowerShell consolehost, or ISE/VSCode.

This is specifically a 'How I do X with Y?', question.

PowerShell cannot supplant or subvert the executables' requirements. If you specify an argument, then you must provide a value. If the value cannot be null, then you must provide a value.

You are using -p which is the password parameter. Try removing that argument/option/step of removing that part of code could solve your issue.

postanote
  • 4,589
  • 2
  • 7
  • 7
  • I understand your point on the question not being exactly about powershell, but the part being executed by WinRM is Powershell, no? Anyway, my trouble is with a single cmdlet, `certutil`, that always asks for a password and the `-p` parameter is an array of passwords that won't accept blank as an answer. – Tonon Oct 28 '20 at 08:50
  • As for [but the part being executed by WinRM is Powershell, no?]. Nope. You can run almost any executable from PowerShell, but PowerShell has zero control of what it is doing or capable of. certutil os not a PowerShell cmdlets, nor is it an alias for any PowerShell cmdlet. It is a Windows executable, that has been is Windows since before PowerShell ever existed and WinRM has been around since before PowerShell ever existed. WinRM is a connection protocol, not a cmdlet or PowerShell feature, like .Net, PowerShell can use it.. What you have is a certutil specific limitation, not PowerShell. – postanote Oct 28 '20 at 21:45