Hello,
First, I wanted to say you did a wonderful job with the 3.0 release!
Another (very minor) feature request from me... Most of the time (in my case anyway) you execute PSPKI commands from the CA server itself but still you always have to pass to (almost) every command an instance of the CA that you have to previously retrieve through either the machine name or the CA name.
I ended up creating a small helper function that retrieves the CA object for the local server and thought it might be useful to others as well.
Even better than a helper function that gets the local instance (which would still be useful in some cases), it would be good that all cmdlets that expect a CertificationAuthority object as input consider no value as the local CA (and throw an exception if the local machine is not a CA of course).
Jordan
Comments:
> Most of the time (in my case anyway) you execute PSPKI commands from the CA server itself
It is not recommended to run the module from the CA server. Any logon to the CA server should be restricted. Therefore all server-side commands do support remote CAs. That is, a CA administrator should manage the CA server from his own PC. This is why I didn't add local CA default lookup. In addition, the module is intended to manage CAs in bulk. Say, restart all CAs in the forest: Get-CA | Restart-CA.
I know certutil is designed to use the local CA by default, but it isn't a good practice from my (and other PKI experts') perspective. The CA server should be managed remotely. Therefore, it is unlikely that I will change the designed behavior (not because I don't want to), and it would be reasonable to create a helper if necessary.