Untitled

Invoke-Command -ComputerName $computer -credential $cred -Authentication CredSSP -ScriptBlock {
    param($csr, $ca_template_name, $ca_name)

    function cleanTempfiles() {
        param(
            [String[]] $files
        )
        Remove-Item -Path $files -Force -ErrorAction SilentlyContinue
    }

    try {
        #Step 1 --- Prepare and Clean any existing temporary files
        $req = [System.IO.Path]::GetTempFileName()
        $cer = Join-Path -Path $env:TEMP -ChildPath "temp.cer"
        $rsp = Join-Path -Path $env:TEMP -ChildPath "temp.rsp"
        cleanTempFiles -files $cer, $rsp

        #Step 2 --- Retrieve Microsoft CA name from domain configuration
        $clean_ca_name = ""

        #No CA Name was provided --- attempt to get the CA Name from LDAP automatically
        if(!$ca_name) {
            $rootDse = [System.DirectoryServices.DirectoryEntry]'LDAP://RootDSE'
            $sb = [System.DirectoryServices.DirectoryEntry]"LDAP://$($rootDse.configurationNamingContext)"
            $cas = [System.DirectoryServices.DirectorySearcher]::new($sb,'objectClass=pKIEnrollmentService').FindAll()

            if($cas.Count -eq 1){
                $ca_name = "$($cas[0].Properties.dnshostname)\$($cas[0].Properties.cn)"
                $clean_ca_name = $ca_name
            } else {
                #No CA Name was provided --- Multiple CAs on Host can't resolve CA Name automatically
                throw "Multiple CAs on Host, Please provide CA Name in routing policy"
            }
        }

        if (!$ca_name -eq "") {
            $clean_ca_name = $ca_name
            $ca_name = " -config `"$ca_name`""
        }

        if(!$ca_template_name -eq "") {
            $ca_template_name = " -attrib `"CertificateTemplate:$ca_template_name`""
        }

        #Step 4 --- Execute request logic
        Set-Content -Path $req -Value $csr

        #Step 4.4 -- Submit request to CA
        $requestId = Invoke-Expression "certreq -f -q -submit $ca_template_name $ca_name `"$req`" `"$cer`" 2>&1"
        $requestId = ($requestId -split '\n')[0]
        $requestId = ($requestId -split ': ')[1]
        $requestId = [int]$requestId

        if (!($LastExitCode -eq 0)) {
            throw "certreq -f -q -submit command failed"
        }

        #Step 4.5 --- Retrieve root CA pem
        Invoke-Expression -Command "& certutil '-f' $ca_name '-ca.cert' 'ca.cer'" | Out-Null
        Invoke-Expression -Command "& certutil '-f' '-encode' 'ca.cer' 'ca.pem'" | Out-Null
        $root_pem = Get-Content -Path ca.pem | Out-String

        #Step 4.6 -- Parse certificate details from CA
        $CaView = New-Object -ComObject CertificateAuthority.View
        $CaView.OpenConnection($clean_ca_name)
        $Table = "Request"
        $CaView.SetTable(0x0)
        $ColumnIndex = $CaView.GetColumnIndex(0,"RequestID")
        $operator = @{"eq" = 1;"le" = 2; "lt" = 4; "ge" = 8; "gt" = 16}
        $CaView.SetRestriction($ColumnIndex,$operator["eq"],0,$requestId)
        $ColumnCount = $CaView.GetColumnCount(0)
        $CaView.SetResultColumnCount($ColumnCount)
        0..($ColumnCount - 1) | ForEach-Object {$CaView.SetResultColumn($_)}
        $Row = $CaView.OpenView()
        while ($Row.Next() -ne -1) {
            $cert = New-Object psobject -Property @{
                ConfigString = $ConfigString;
            }
            $Column = $Row.EnumCertViewColumn()
            while ($Column.Next() -ne -1) {
                $current = $Column.GetName()
                $Cert | Add-Member -MemberType NoteProperty $($Column.GetName()) –Value $($Column.GetValue(1)) –Force
                if ($Cert.CertificateTemplate -match "^(\d\.){3}") {
                    $cert.CertificateTemplate = ([Security.Cryptography.Oid]$Column.GetValue(1)).FriendlyName
                }
            }
        }

        $cert | add-member -name "RootPem" -value $root_pem -memberType NoteProperty
        $cert | ConvertTo-Json

    } catch {
        Write-Error $_
    } finally {
        cleanTempfiles -files $cer, $req, $rsp
    }
} -ArgumentList ($csr, $ca_template_name, $ca_name)