> For the complete documentation index, see [llms.txt](https://docs.scepman.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.scepman.com/certificate-management/api-certificates/api-enrollment/windows-server.md).
# Windows Server
{% hint style="info" %}
Applicable to SCEPman version 2.9 and above
{% endhint %}
You can use the SCEPmanClient PowerShell module to request certificates for your Windows server. Please refer to the main article of the module for the prerequisites:
{% content-ref url="/pages/k0e2z2MUtrOMOkgS5ZKy" %}
[SCEPmanClient](/certificate-management/api-certificates/scepmanclient.md)
{% endcontent-ref %}
## Use Case Description
While the module is capable of initially requesting certificates, it might not be desirable to store the service principal credentials on a machine that could be used to request arbitrary certificates.
So if your scenario includes the deployment of a certificate using Certificate Master you can automatically renew it using *SCEPmanClient* by providing an already existing certificate for authentication:
$Subject = $env:COMPUTERNAME
$ValidityThreshold = 30
$CertificateToRenew = Get-ChildItem Cert:\LocalMachine\My `
| Where-Object NotAfter -lt (Get-Date).AddDays($ValidityThreshold) `
| Where-Object Subject -match $Subject
New-SCEPmanCertificate -Certificate $CertificateToRenew -SaveToStore 'LocalMachine'
# With the new certificate in place we can remove the old one
# Remove-Item $CertificateToRenew.PSPath
This example will find certificates expiring in the next month and use it to authenticate the renewal request.
## Initial Request
If you want to request certificates on your server initially you can do so by supplying a service principal for authentication that has the role **CSR DB Requesters** assigned. Please refer to the following guide on how to implement such a service principal:
{% content-ref url="/pages/0hD3y9R5SjzwVGxe3Vdj" %}
[API Enrollment](/certificate-management/api-certificates/api-enrollment.md)
{% endcontent-ref %}
```powershell
$Parameters = @{
'Url' = 'scepman.contoso.com'
'ClientId' = '569fbf51-aa63-4b5c-8b26-ebbcfcde2715'
'TenantId' = '8aa3123d-e76c-42e2-ba3c-190cabbec531'
'ClientSecret' = 'csa8Q~aVaWCLZTzswIBGvhxUiEvhptuqEyJugb70'
'Subject' = 'CN=WebServer'
'DNSName' = 'Webserver.domain.local'
'ExtendedKeyUsage' = 'ServerAuth'
'SaveToStore' = 'LocalMachine'
}
New-SCEPmanCertificate @Parameters
```
If we now want to renew a certificate we can disregard the service principal and use an already issued certificate for authentication. This will use the existing certificates details to construct a new CSR and issue it to SCEPman for a new certificate.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:
```
GET https://docs.scepman.com/certificate-management/api-certificates/api-enrollment/windows-server.md?ask=&goal=
```
`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.