Creates a new computer certificate – self-signed or signed by an Active Directory CA, using the Web Server certificate.
By default, a key with a length of 1024 and a friendly name of the machines FQDN is generated.
This command was originally intended to help automate the process so that SSL certificates can be available for enforcing encryption on connections.
It makes a lot of assumptions – namely, that your account is allowed to auto-enroll and that you have permission to do everything it needs to do 😉
The certificate is generated using AD’s webserver SSL template on the client machine and pushed to the remote machine.
Creates a computer certificate signed by the local domain CA for the local machine with the keylength of 1024.
Creates a computer certificate signed by the local domain CA on the local machine for server1 with the keylength of 1024.
The certificate is then copied to the new machine over WinRM and imported.
New-DbaComputerCertificate -ComputerName Server1
Creates a computer certificate for sqlcluster, signed by the local domain CA, with the keylength of 4096.
The certificate is then copied to sqla and sqlb over WinRM and imported.
New-DbaComputerCertificate -ComputerName sqla, sqlb -ClusterInstanceName sqlcluster -KeyLength 4096
Shows what would happen if the command were run.
New-DbaComputerCertificate -ComputerName Server1 -WhatIf
Creates a self-signed certificate.
This command was created by Chrissy LeMaire. You can find Chrissy on Twitter.