locked
Waiting time of 10 minutes after succesful certreq -new command RRS feed

  • Question

  • Hello,

    I can successfully creates certificate requests with the command certreq -new <request.ini> <request.req>

    But afterwards I have to wair exactly 10 minutes until I get back the prompt in the command shell.

    What is the reason for this?

    How can it be avoided?

    Thanks in advance for some advice.

    Best regards

    Ma_Moo

    Friday, February 10, 2017 1:58 PM

Answers

  • Hi,

    @Vadims , I was thinking there is something related to AD ,thank you for point us to right direction.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by Ma_Moo Thursday, February 23, 2017 3:06 PM
    Thursday, February 23, 2017 2:17 AM

All replies

  • Hi,

    >>I can successfully creates certificate requests with the command certreq -new <request.ini> <request.req>

    Sorry I can't reproduce this behavior in my lab.Are  there .ini and .req files with a network path?Did you check the task manager or performance counter when you run this command,is there anything unusual?


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, February 13, 2017 7:36 AM
  • Hello,

    this ist the ini-file:

    -------------------------------------------------------------------------------------------
    ;---------CertificateRequestTemplate.inf-------------
    [Version]
    Signature="$Windows NT$"
    [NewRequest]
    Subject="CN=test,OU=PKI,O=Ma_Moo,C=de"
    Exportable=TRUE
    MachineKeySet=FALSE
    KeyLength=2048
    [RequestAttributes]
    CertificateTemplate="MAMBenutzer"
    -------------------------------------------------------------------------------------------

    And this is the response in the cmd-shell:

    -------------------------------------------------------------------------------------------
    C:\Daten>certreq -new -f crqTemplate.inf new.req
    Active Directory-Registrierungsrichtlinie
    {A61423C1-6E6E-4FCB-A454-14687D3B91B1}
    ldap:

    CertReq: Anforderung erstellt
    -------------------------------------------------------------------------------------------

    In this status the req-file is created with the right content.
    But the shell is hanging for 10 minutes.

    Best regards

    Ma_Moo

    Monday, February 13, 2017 3:46 PM
  • Hi,

    >>

    this ist the ini-file:

    -------------------------------------------------------------------------------------------
    ;---------CertificateRequestTemplate.inf-------------
    [Version]
    Signature="$Windows NT$"
    [NewRequest]
    Subject="CN=test,OU=PKI,O=Ma_Moo,C=de"
    Exportable=TRUE
    MachineKeySet=FALSE
    KeyLength=2048
    [RequestAttributes]
    CertificateTemplate="MAMBenutzer"

    Please try to add a DNS name to SAN in request.inf and  test again.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, February 17, 2017 7:39 AM
  • Hello,

    I have added the following lines to the ini-file:

    [Extensions]
    2.5.29.17 = "{text}"
    _continue_ = "dns=server.mamoo.de"

    ===============================

    The result is the same. The request-file is created at once, but then I have a timeout of 10 minutes, until the prompt appears again.

    Best regards

    Monday, February 20, 2017 11:56 AM
  • What happens if you perform certificate requests using certmgr.msc or certlm.msc? 

    This is very unusual behavior and I believe it has nothing whatsoever to do with using certreq.exe.

    Brian

    Monday, February 20, 2017 2:50 PM
  • Hello,

    using certmgr.msc it works without any problems.

    I have to deliver the subject distinguished name and the certificate is registered without delay.

    Best regards

    MaMoo

    Tuesday, February 21, 2017 9:33 AM
  • Are you trying it on a domain machine? IIRC this could be caused when certreq can't obtain template information from Active Directory.

    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell File Checksum Integrity Verifier tool.

    Tuesday, February 21, 2017 6:34 PM
  • Hello, this was a good hint.

    I removed the lines

    [RequestAttributes]
    CertificateTemplate="MAMBenutzer"

    from the ini-file, and the request was created immediately and there was no timeout any more.

    As compensation I must give now the information about the used template as option in the submit command.

    certreq -submit -attrib CertificateTemplate:MAMBenutzer ...

    Thank you, it works fine now.
    But, could you please give me a short explanation of this behaviour.

    Best regards MaMoo

    Wednesday, February 22, 2017 12:36 PM
  • Hi,

    @Vadims , I was thinking there is something related to AD ,thank you for point us to right direction.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    • Marked as answer by Ma_Moo Thursday, February 23, 2017 3:06 PM
    Thursday, February 23, 2017 2:17 AM
  • Thanks to all

    MaMoo

    Thursday, February 23, 2017 3:07 PM