SAMLRaider
Clone Certificate does not work if S/N is negative
It's not possible to clone the certificate if the serial number of the certificate is negative.
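How a serial number comes to be negative, as an added example that is not part of the original thread or of SAMLRaider's code: a DER INTEGER is big-endian two's complement, so serial content whose first byte has the high bit set decodes as a negative number, while RFC 5280 section 4.1.2.2 requires a positive serial of at most 20 octets. The certificate prefixes and all function names below are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def serial_from_certificate(der):
    """Return the serialNumber of a DER certificate as a signed integer."""
    tag, cert, _ = read_tlv(der, 0)      # Certificate ::= SEQUENCE
    tag2, tbs, _ = read_tlv(cert, 0)     # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a DER certificate")
    tag, content, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                      # optional [0] EXPLICIT version
        tag, content, pos = read_tlv(tbs, pos)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    # DER INTEGER content is big-endian two's complement
    return int.from_bytes(content, "big", signed=True)

def serial_is_conforming(serial):
    """RFC 5280 4.1.2.2: positive and no longer than 20 octets."""
    return 0 < serial < 2 ** 159

def tlv(tag, content):
    """Short-form DER TLV, enough for the constructed samples below."""
    return bytes([tag, len(content)]) + content

def sample(serial_content):
    """Constructed certificate prefix: version v3 plus the given serial bytes."""
    version = tlv(0xA0, tlv(0x02, b"\x02"))
    return tlv(0x30, tlv(0x30, version + tlv(0x02, serial_content)))

RAW = bytes.fromhex("8f3a11c0ffee0142")    # constructed; high bit of first byte set
NEGATIVE_SAMPLE = sample(RAW)              # decodes as a negative serial
POSITIVE_SAMPLE = sample(b"\x00" + RAW)    # leading 0x00 keeps the same digits positive

if __name__ == "__main__":
    for name, der in (("negative", NEGATIVE_SAMPLE), ("positive", POSITIVE_SAMPLE)):
        s = serial_from_certificate(der)
        print(name, s, "conforming" if serial_is_conforming(s) else "non-conforming")
```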
Hey awesome creators of this tool, I am also not able to proceed ahead as my certificate is not cloning due to negative serial numbers. Until the issue is fixed in the tool, can you please assist me by telling me how to clone a certificate with a negative serial number some other way? This would be very helpful during my testing.
Hi yobroda
There are other possibilities to create a fake certificate or clone a certificate.
- Create a new CA and issue a new certificate. You can use the following script and adjust the values to your needs: https://github.com/mindfuckup/Scripts/blob/master/makecert
- You can also clone certificates by reading the original certificate and creating new key material. You can e.g. use the following code: https://twitter.com/guedou/status/1091349140636864517
Best wishes, Emanuel
Hi yobroda
You can simply clone a certificate using PowerShell:
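```powershell
# Input certificate, output PKCS#12 file and export password
$original = "c:\tmp\certificate.pem"
$cloned = "c:\tmp\cloned.p12"
$password = "Password-1234"

# Load the original certificate and prepare the export password
$cert_original = Get-PfxCertificate -FilePath $original
$export_password = ConvertTo-SecureString -String $password -Force -AsPlainText

# Create a self-signed copy with new key material in the current user's store
$cert_cloned = New-SelfSignedCertificate -CloneCert $cert_original -CertStoreLocation "Cert:\CurrentUser\My\"

# Export the clone including its private key, then remove it from the store
$cert_cloned | Export-PfxCertificate -FilePath $cloned -Password $export_password
Remove-Item $cert_cloned.PSPath
```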
https://gist.github.com/mindfuckup/ab6077634f1f9c132371b418db7bb1cc
Have fun ;-)
Emanuel
Thanks for the explanation!
BTW I recently discovered the clone-cert script, which does the same on Linux. Either specify a TLS server with port or a local certificate to clone: https://github.com/SySS-Research/clone-cert
Works really well :)
Great, I will try this out!!