Public/Approve-PWSHCertutilPendingCert.ps1

function Approve-PWSHCertutilPendingCert {
    <#
    .SYNOPSIS
        Issues (approves) a pending certificate request on a CA.
    .DESCRIPTION
        Connects to the specified CA via WinRM and runs certutil -resubmit to issue a
        pending certificate request. This is the CA administrator action that moves a
        request from Pending to Issued state.

        Accepts pipeline input from Submit-PWSHCertreqCSR where Status is Pending, so the
        submit-approve-retrieve workflow can be written as a pipeline. Supports -WhatIf and
        -Confirm.

        After approval, use Get-PWSHCertreqCert to retrieve the issued certificate.
    .PARAMETER InputObject
        A request object with Profile, CAServer, and RequestID properties.
        Accepts output from Submit-PWSHCertreqCSR.
    .PARAMETER Profile
        The configuration profile. Required in the Direct parameter set.
    .PARAMETER CAFqdn
        The CA where the request is pending. Required in the Direct parameter set.
    .PARAMETER RequestID
        The request ID to approve. Required in the Direct parameter set.
    .PARAMETER Credential
        Optional PSCredential for WinRM. Defaults to the current user.
    .EXAMPLE
        $pending | Approve-PWSHCertutilPendingCert -Confirm:$false
        Approves a pending request returned by Submit-PWSHCertreqCSR.
    .EXAMPLE
        Approve-PWSHCertutilPendingCert -Profile 'prod-pki' -CAFqdn 'ca01.corp.local' `
            -RequestID '42'
        Approves request 42 on ca01.corp.local.
    .EXAMPLE
        Approve-PWSHCertutilPendingCert -Profile 'prod-pki' -CAFqdn 'ca01.corp.local' `
            -RequestID '42' -WhatIf
        Shows what would be approved without performing the action.
    .OUTPUTS
        PSCustomObject. Properties: Profile, CAServer, RequestID, Success, Output.
    #>

    [CmdletBinding(DefaultParameterSetName = 'Pipeline', SupportsShouldProcess, ConfirmImpact = 'Medium')]
    [OutputType([PSCustomObject])]
    param(
        [Parameter(Mandatory, ValueFromPipeline, ParameterSetName = 'Pipeline')]
        [object] $InputObject,

        [Parameter(Mandatory, ParameterSetName = 'Direct')]
        [string] $Profile,

        [Parameter(Mandatory, ParameterSetName = 'Direct')]
        [string] $CAFqdn,

        [Parameter(Mandatory, ParameterSetName = 'Direct')]
        [string] $RequestID,

        [Parameter()]
        [pscredential] $Credential
    )

    process {
        if ($PSCmdlet.ParameterSetName -eq 'Pipeline') {
            $Profile   = $InputObject.Profile
            $CAFqdn    = $InputObject.CAServer
            $RequestID = $InputObject.RequestID
        }

        $target = "RequestID=$RequestID on $CAFqdn (Profile: $Profile)"
        if (-not $PSCmdlet.ShouldProcess($target, 'Approve pending certificate request')) { return }

        $config        = Read-ConfigFile
        $profileConfig = Get-ProfileConfig -Config $config -ProfileName $Profile

        $sessionArgs = @{ CAFqdn = $CAFqdn; RemotingConfig = $profileConfig.remoting }
        if ($PSBoundParameters.ContainsKey('Credential')) { $sessionArgs['Credential'] = $Credential }
        $session = Get-CASession @sessionArgs

        try {
            $output  = Invoke-CertutilResubmit -Session $session -RequestID $RequestID
            $success = $output -notmatch 'FAILED'
            [PSCustomObject]@{
                Profile   = $Profile
                CAServer  = $CAFqdn
                RequestID = $RequestID
                Success   = $success
                Output    = $output -join "`n"
            }
        } catch {
            Write-Error "Failed to approve RequestID $RequestID on '$CAFqdn': $_"
        }
    }
}