Open sm00v opened 1 year ago
I'm experiencing this same problem. Any one found a workaround? Could supplying the /subject yourself work?
For anyone having the same problem, this fixed it. Just provide your own subject and make sure it's less than 64 characters.
Getting this error while running:
certify.exe request /ca:CASERVER.thisisalongdomainlol.com\Issuing-External-CA /template:VulnTemplate /altname:Administrator
My Subject name according to certify is:
CN=TEST2\, Contos, OU=Test Accounts, OU=Users, OU=Live, OU=ABC, DC=thisisalongdomainlol, DC=com
Any ideas on how to deal with this error? Sounds like a legitimate issue for which you have to permit longer than 64 character subject names on the ADCS server according to this: https://www.open-a-socket.com/2014/07/24/the-request-subject-name-is-invalid-or-too-long/
Below is the full output with redacted info, this pentest is about to end but it might help the next person if this gets answered.
Hopefully there is something that can be done rather than running a command on the AD CS server :/