Assume the following scenario:
- An attempt is made to request a certificate via Windows PowerShell using Certificate Enrollment Web Services.
- The request fails with the following error message:
Get-Certificate : CX509EnrollmentPolicyWebService::LoadPolicy: Access was denied by the remote endpoint. 0x803d0005 (-2143485947 WS_E_ENDPOINT_ACCESS_DENIED)
The Certificate Enrollment Web Services (Certificate Enrollment Policy Web Service, CEP, and Certificate Enrollment Web Service, CES) enable the automatic request and renewal of certificates from a certification authority via a Web-based interface. This eliminates the need to contact the certification authority directly via Remote Procedure Call (RPC). For a more detailed description, see the article "Certificate request basics via Certificate Enrollment Web Services (CEP, CES)".
Example command:
Get-Certificate `
    -Url "https://cews.adcslabor.de/ADPolicyProvider_CEP_Kerberos/service.svc/CEP" `
    -Template "ADCSLaboratoryUser" `
    -CertStoreLocation Cert:\CurrentUser\My