Hello,
As per MS documentation, "request pending" means, if the requester has CA manager or CA administrator permissions, we can use another CryptoAPI COM interface to issue the certificate — ICertAdmin::ResubmitRequest method. The method takes two arguments:
CA configuration string (which is already stored in $ConfigString variable);
Request ID.
In order to retrieve request ID, we call ICertRequest3::GetRequestId method:
$RequestID = $CertRequest.GetRequestId()
and call ICertAdmin::ResubmitRequest method as follows:
# instantiate ICertAdmin COM interface object:
$CertAdmin = New-Object -ComObject CertificateAuthority.Admin
# call ResubmitRequest method to issue pending request
$CertAdmin.ResubmitRequest($ConfigString, $RequestID)
The method returns disposition code. If the disposition code is 3, then the certificate was successfully issued. In order to retrieve issued certificate, we need to return to ICertRequest interface and call ICertRequest3::RetrievePending method:
$CertRequest.RetrievePending($RequestID, $ConfigString)
The certificate is now retrieved. The next step is to get the issued certificate and save it to a file. To get certificate we call ICertRequest3::GetCertificate method by specifying output encoding. Just to remember, output encoding values are defined in EncodingType enumeration https://learn.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-encodingtype?redirectedfrom=MSDN. Base64 with headers (0) is enough:
$Base64 = $CertRequest.GetCertificate(0)
Set-Content .\issuedcert.cer -Value $Base64
Now certificate issuance is completed and you can move issued certificate to the original client where we generated the request.
-----------------------------------------------------------------------------------------------------------------------------------------------------------
-If this was helpful, please do not forget to upvote the answer!-