Enhanced Export and Import Capabilities for Certificate Templates Management

Open • bencoremans opened this issue 1 year ago • 2 comments

Hello Vadims,

I would like to propose an enhancement to the PSPKI module to include new functionalities for exporting and importing certificate templates, specifically focusing on the [MS-XCEP] format. This request stems from the need for a more streamlined and comprehensive approach to managing certificate templates, including their associated application and certificate policies.

Feature Requests:

  1. Export-CertificateTemplate Functionality: Ability to export one or multiple certificate templates into the [MS-XCEP] format. This feature would ideally capture all aspects of the certificate templates, including compatibility settings, to ensure a seamless transition between environments or for backup purposes.

  2. Import-CertificateTemplate Functionality: Corresponding import functionality that not only recreates the certificate templates from the [MS-XCEP] format but also intelligently handles application and certificate policies. Specifically, if the policies referenced in the imported templates do not exist in the target environment, the function would create these policies to ensure the integrity and applicability of the imported templates.

  3. Dynamic Naming during Import: Flexibility to rename templates, application policies, and certificate policies during the import process. This feature would be particularly useful in scenarios where templates are being migrated between environments, or when template naming conventions need to be aligned with specific organizational standards.

These enhancements aim to provide PSPKI users with robust tools for certificate template management, facilitating easier migration, backup, and deployment processes. The addition of these features would significantly enhance the utility and flexibility of the PSPKI module, making it an even more indispensable tool in the PKI management space.

I believe these enhancements align with the goals of PSPKI to provide a comprehensive and user-friendly toolkit for managing Windows-based PKI.

Thank you for considering this enhancement request.

Best regards,

Ben Coremans

bencoremans • Jan 30 '24 16:01

I have developed a concept module to import and update certificate templates. I used the example code from your blog to export an ADCS template to a serialized XML file for import purposes. Additionally, I created a function to update an existing template.

Here is the module.

Kind Regards, Ben

bencoremans • Apr 19 '24 05:04

I've started work on this, and here are the relevant work items in the backend library:

  • https://github.com/PKISolutions/pkix.net/issues/74
  • https://github.com/PKISolutions/pkix.net/issues/59
  • https://github.com/PKISolutions/pkix.net/issues/76
  • https://github.com/PKISolutions/pkix.net/issues/78

Export is implemented. Import is implemented partially. That is, you can import exported templates into runtime objects, but they aren't bound to DS objects. That is separate, non-trivial work.

Crypt32 • May 17 '24 13:05