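# Renew the machine certificate that was issued from the named template.
# Reading Cert:\LocalMachine\My and running 'certreq -machine' require local
# administrator rights, so this is expected to run elevated (e.g. as SYSTEM).
$templateName = 'RADIUS Template'

# -match treats its right-hand side as a regular expression; escape the template
# name so it is matched literally rather than as a pattern.
$templatePattern = [regex]::Escape($templateName)

# Find a certificate whose 'Certificate Template Information' extension names the
# template. -First 1 keeps $certSN.SerialNumber a single value: without it, several
# matching certificates would be handed to certreq as one array argument.
# NOTE(review): when more than one certificate matches, the one picked is simply
# whichever the store enumerates first — confirm that is the intended one.
$certSN = Get-ChildItem 'Cert:\LocalMachine\My' | Where-Object {
    $_.Extensions | Where-Object {
        ($_.Oid.FriendlyName -eq 'Certificate Template Information') -and ($_.Format(0) -match $templatePattern)
    }
} | Select-Object -First 1 -Property SerialNumber

if (-not ($certSN -and $certSN.SerialNumber)) {
    Write-Error "No certificate issued from template '$templateName' was found in Cert:\LocalMachine\My."
    return
}

certreq -enroll -machine -q -cert $certSN.SerialNumber renew
# certreq is a native command: a failure does not throw, so check the exit code.
if ($LASTEXITCODE -ne 0) {
    Write-Error "certreq renew failed with exit code $LASTEXITCODE for serial $($certSN.SerialNumber)."
}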
If the script is to be deployed through a GPO and must run only once per machine, use the following:
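# One-shot renewal of the machine certificate issued from the named template,
# intended to run from a GPO. A flag file records that the renewal has already
# been done so later policy refreshes do not renew again.
# Running 'certreq -machine' and reading Cert:\LocalMachine\My require elevation.

# Define a flag file path.
# NOTE(review): standard users can ordinarily create files directly under
# %ProgramData%, so an unprivileged user could pre-create this flag and
# suppress the renewal. Placing it in a subfolder with an admin-only ACL, or
# keeping the state in a key under HKLM, avoids that — confirm the ACL on
# the target hosts.
$flagFilePath = "$env:ProgramData\RADIUSCertEnroll.flag"

# Exit early if the script has already been executed on this machine.
if (Test-Path $flagFilePath) {
    Write-Output "The script has already been executed. Exiting..."
    return
}

# Define the template name.
$templateName = 'RADIUS Template'

# -match treats its right-hand side as a regular expression; escape the template
# name so it is matched literally rather than as a pattern.
$templatePattern = [regex]::Escape($templateName)

# Get the serial number of the first certificate whose 'Certificate Template
# Information' extension names the template. -First 1 keeps SerialNumber a
# single value so certreq receives one argument.
# NOTE(review): with several matching certificates the first one enumerated is
# used — confirm that is the intended one.
$certSN = Get-ChildItem 'Cert:\LocalMachine\My' | Where-Object {
    $_.Extensions | Where-Object {
        ($_.Oid.FriendlyName -eq 'Certificate Template Information') -and ($_.Format(0) -match $templatePattern)
    }
} | Select-Object -First 1 -Property SerialNumber

if (-not ($certSN -and $certSN.SerialNumber)) {
    Write-Output "No matching certificate found. Exiting without enrollment."
    return
}

# Renew the certificate. certreq is a native command, so its failure does not
# throw: check $LASTEXITCODE before recording success, otherwise a failed
# renewal would still write the flag and never be retried.
certreq -enroll -machine -q -cert $certSN.SerialNumber renew
if ($LASTEXITCODE -ne 0) {
    Write-Error "certreq renew failed with exit code $LASTEXITCODE for serial $($certSN.SerialNumber). Flag file not written; the renewal will be retried on the next run."
    return
}

# Create the flag file only after a successful renewal.
New-Item -ItemType File -Path $flagFilePath -Force | Out-Null
Write-Output "Certificate enrollment completed successfully."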