Add KRA certs from the AD

Jun 21, 2012 at 8:22 AM


I try to add a KRA cert using the following command on an issuing CA:

$CA=Get-ca -Name Issuing-CA907

$KRACert = Get-ADKRACertificate -subject "*agent01*"
Add-CAKRACertificate -InputObject $CA -Certificate $KRACert | Set-CAKraCertificate -RestartCA


 $KRACert = Get-ADKRACertificate -subject "*agent01*"
Add-CAKRACertificate -InputObject $CA -Certificate $KRACert | Set-CAKraCertificate -RestartCA
Exception calling "SetInfo" with "1" argument(s): "CCertAdmin::SetCAProperty: The parameter is incorrect. 0x80070057 (WIN32: 87)"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSPKI\Set-CAKRACertificate.ps1:20 char:40
+             [bool]$return = $InputObject.SetInfo <<<< ($RestartCA)
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException
WARNING: Input object was not modified. Key Recovery Agents are not rewrited.

DisplayName                                              ComputerName                                             Certificate                                                                                            IsModified
-----------                                              ------------                                             -----------                                                                                            ----------
Issuing-CA907                                     CA907.test.te                                  {[Subject]...                                                                                                True


Also tried:

$KRACert = Get-ADKRACertificate -subject "*agent01*"
Get-CAKRACertificate -CA $CA| Add-CAKRACertificate -Certificate $KRACert | Set-CAKraCertificate -RestartCA

Same output. What is going wrong here? Are the PowerShell commands wrong? If I try it from the CA console there are no issues.

Jun 21, 2012 at 9:08 AM

I'll look into this. Something weird.

Jun 22, 2012 at 4:12 PM

This release has an updated PKI.Core.dll file with a fixed ICertAdmin interface call sequence.