I'm working on automating the deployment of a multi-tier PKI system based on ADCS (I have a general product IT solution that we then deploy on projects mostly in a cookie cutter fashion). I have the entire process automated using powershell except for the step when I need to install the certificate for the Issuing CAs. In our design the root CA (Windows ADCS based) is not domain joined and is kept offline - only brought online to sign the certs for Issuing CA and publish CRLs.
The Issuing CAs are setup using:
Add-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools
Install-ADCSCertificationAuthority -CACommonName <Issing CA CN> -CAType EnterpriseSubordinateCA -CryptoProviderName <Provider> -HashAlgorithmName <Algorithm> -KeyLength <Key Length> -OutputCertRequestFile <.req File Path> -Force
I then take that .req file and get it signed by the Root CA. My question is then how to use PowerShell to install the certificate (i.e. to replace the manual process of open Certificate Authority RSAT tool->right-click on CA->All Tasks->Install CA Certificate).
I haven't found anything in the standard ADCS PS library nor in the great PSPKI module (though it may be there and I'm just blind to it). My google-fu only returns results on how to install ADCS using PowerShell and nothing on this specific question.
Do I just need to import the certificate normally using certutil -dspublish or -addstore and if so to which store?