ADCSTemplate icon indicating copy to clipboard operation
ADCSTemplate copied to clipboard

Published 20 hours ago verified publisher icon GoateePFE

Error issuing certificate after creation

Open heinejeppesen opened this issue 2 years ago • 6 comments

Hi,

I'm trying to automate building dev/test environments and we need a PKI solution. We are using Server 2022.

I can successfully export and create using the JSON files, but when I try to use the certificate, I get the error in the image. "The request was for a certificate template that is not supported by the Active Directory Services policy" "The requested certificate template is not supported by this CA 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE)

Looking at the template in AD with ADSIEdit, I noticed the property "msPKI-RA-Application-Policies" isn't populated on the imported template. The expected value is in the JSON.

If I copy the value from the template I exported from, into the new template missing the values, the new template works.

image

heinejeppesen avatar Dec 23 '22 09:12 heinejeppesen

So it seems this issue is fixed here on Github two years ago, but the module on PSGallery hasn't been updated with the fix. Unfortunately this make is rather difficult to use in automated ways. :-(

We build our environments using Bicep pipeline and Azure Automation DSC, where modules are imported automatically from PSGallery.

Would be really nice if the updated code was pushed to PSGallery ;-)

heinejeppesen avatar Dec 23 '22 10:12 heinejeppesen

@heinejeppesen There's been minor updates indeed. @GoateePFE Would you kindly get PSGallery ADCSTemplate version updated to the github one? I guess this will require a 1.0.1.1 version bump ;)

msilveirabr avatar Feb 14 '23 02:02 msilveirabr

The issue has been fixed in commit aa7ce02302d784880ef6d0b58d1ecfbe49070d24

@GoateePFE would you please update the PSGallery edition?

Geo-Ron avatar Feb 14 '24 15:02 Geo-Ron

@GoateePFE We beg you to update the PSGallery with the latest update, pleeeeease 🙏🏼 😇

msilveirabr avatar May 15 '24 14:05 msilveirabr

Hello everyone. It's been years since I looked at this. I took several hours today to get my head kinda back in the game enough to commit your pull requests and publish the changes to the PowerShell Gallery under version 1.0.1.1. Please update the module and test to see if it works as needed now. Also, I would love to hand this project off to someone else to own, maintain, and update the gallery. If anyone is interested, I would be happy to make you the owner in the gallery. Thanks.

GoateePFE avatar Jun 02 '24 01:06 GoateePFE

@msilveirabr @Geo-Ron @heinejeppesen Please see above.

GoateePFE avatar Jun 02 '24 01:06 GoateePFE