Remove From My Forums

Waiting time of 10 minutes after succesful certreq -new command

Question
0

Sign in to vote

Hello,

I can successfully creates certificate requests with the command certreq -new <request.ini> <request.req>

But afterwards I have to wair exactly 10 minutes until I get back the prompt in the command shell.

What is the reason for this?

How can it be avoided?

Thanks in advance for some advice.

Best regards

Ma_Moo

Friday, February 10, 2017 1:58 PM

Answers

0

Sign in to vote
Hi,

@Vadims , I was thinking there is something related to AD ,thank you for point us to right direction.
Best Regards
Cartman
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
- Marked as answer by Ma_Moo Thursday, February 23, 2017 3:06 PM
Thursday, February 23, 2017 2:17 AM

All replies

0

Sign in to vote

Hi,

>>I can successfully creates certificate requests with the command certreq -new <request.ini> <request.req>

Sorry I can't reproduce this behavior in my lab.Are there .ini and .req files with a network path?Did you check the task manager or performance counter when you run this command,is there anything unusual?
Best Regards
Cartman
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

Monday, February 13, 2017 7:36 AM
0

Sign in to vote

Hello,

this ist the ini-file:

-------------------------------------------------------------------------------------------
;---------CertificateRequestTemplate.inf-------------
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject="CN=test,OU=PKI,O=Ma_Moo,C=de"
Exportable=TRUE
MachineKeySet=FALSE
KeyLength=2048
[RequestAttributes]
CertificateTemplate="MAMBenutzer"
-------------------------------------------------------------------------------------------

And this is the response in the cmd-shell:

-------------------------------------------------------------------------------------------
C:\Daten>certreq -new -f crqTemplate.inf new.req
Active Directory-Registrierungsrichtlinie
{A61423C1-6E6E-4FCB-A454-14687D3B91B1}
ldap:

CertReq: Anforderung erstellt
-------------------------------------------------------------------------------------------

In this status the req-file is created with the right content.
But the shell is hanging for 10 minutes.

Best regards

Ma_Moo

Monday, February 13, 2017 3:46 PM
0

Sign in to vote

Hi,

>>

this ist the ini-file:

-------------------------------------------------------------------------------------------
;---------CertificateRequestTemplate.inf-------------
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject="CN=test,OU=PKI,O=Ma_Moo,C=de"
Exportable=TRUE
MachineKeySet=FALSE
KeyLength=2048
[RequestAttributes]
CertificateTemplate="MAMBenutzer"

Please try to add a DNS name to SAN in request.inf and test again.
Best Regards
Cartman
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

Friday, February 17, 2017 7:39 AM
0

Sign in to vote

Hello,

I have added the following lines to the ini-file:

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=server.mamoo.de"

===============================

The result is the same. The request-file is created at once, but then I have a timeout of 10 minutes, until the prompt appears again.

Best regards

Monday, February 20, 2017 11:56 AM
0

Sign in to vote

What happens if you perform certificate requests using certmgr.msc or certlm.msc?

This is very unusual behavior and I believe it has nothing whatsoever to do with using certreq.exe.

Brian

Monday, February 20, 2017 2:50 PM
0

Sign in to vote

Hello,

using certmgr.msc it works without any problems.

I have to deliver the subject distinguished name and the certificate is registered without delay.

Best regards

MaMoo

Tuesday, February 21, 2017 9:33 AM
0

Sign in to vote
Are you trying it on a domain machine? IIRC this could be caused when certreq can't obtain template information from Active Directory.
Vadims Podāns, aka PowerShell CryptoGuy
My weblog: www.sysadmins.lv
PowerShell PKI Module: PSPKI
Check out new: SSL Certificate Verifier
Check out new: PowerShell File Checksum Integrity Verifier tool.
- Proposed as answer by Vadims PodansMVP Wednesday, February 22, 2017 6:22 PM
Tuesday, February 21, 2017 6:34 PM
0

Sign in to vote

Hello, this was a good hint.

I removed the lines

[RequestAttributes]
CertificateTemplate="MAMBenutzer"

from the ini-file, and the request was created immediately and there was no timeout any more.

As compensation I must give now the information about the used template as option in the submit command.

certreq -submit -attrib CertificateTemplate:MAMBenutzer ...

Thank you, it works fine now.
But, could you please give me a short explanation of this behaviour.

Best regards MaMoo

Wednesday, February 22, 2017 12:36 PM
0

Sign in to vote
Hi,

@Vadims , I was thinking there is something related to AD ,thank you for point us to right direction.
Best Regards
Cartman
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
- Marked as answer by Ma_Moo Thursday, February 23, 2017 3:06 PM
Thursday, February 23, 2017 2:17 AM
0

Sign in to vote

Thanks to all

MaMoo

Thursday, February 23, 2017 3:07 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Waiting time of 10 minutes after succesful certreq -new command

Question

Answers

All replies