GoateePFE / ADCSTemplate

A PowerShell module for exporting, importing, removing, permissioning, publishing Active Directory Certificate Templates. It also includes a DSC resource for creating AD CS templates using these functions. This was built with the intent of using DSC for rapid lab builds. Could also work in production to move templates between AD CS environments.
MIT License
81 stars 24 forks

Error issuing certificate after creation #13

Open heinejeppesen opened 1 year ago

heinejeppesen commented 1 year ago

Hi,

I'm trying to automate building dev/test environments and we need a PKI solution. We are using Server 2022.

I can successfully export and create using the JSON files, but when I try to use the certificate, I get the error in the image: "The request was for a certificate template that is not supported by the Active Directory Services policy" "The requested certificate template is not supported by this CA 0x80094800 (-2146875392 CERTSRV_E_UNSUPPORTED_CERT_TYPE)"

Looking at the template in AD with ADSIEdit, I noticed the property "msPKI-RA-Application-Policies" isn't populated on the imported template. The expected value is in the JSON.

If I copy the value from the template I exported from, into the new template missing the values, the new template works.

image
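An added example, not part of the original thread and not the module's own code: a check that compares the exported JSON of the source template with an export of the imported template and reports PKI attributes, such as msPKI-RA-Application-Policies, that did not survive the import. The function name, the flat JSON layout, the ignore list and all sample values are assumptions constructed for illustration.

```powershell
# Added example. Assumption: each export is a flat JSON object keyed by AD attribute name.
function Compare-TemplateAttribute {   # hypothetical helper, not part of ADCSTemplate
    param(
        [Parameter(Mandatory)][string]$SourceJson,
        [Parameter(Mandatory)][string]$ImportedJson,
        # Assumption: the template OID is expected to differ between environments.
        [string[]]$Ignore = @('msPKI-Cert-Template-OID')
    )
    $src = $SourceJson   | ConvertFrom-Json
    $dst = $ImportedJson | ConvertFrom-Json
    # Only the certificate-template attributes are compared (msPKI-* and pKI*).
    $names = $src.PSObject.Properties.Name |
        Where-Object { $_ -match '^(msPKI-|pKI)' -and $_ -notin $Ignore }
    foreach ($name in $names) {
        # Serialise each value so scalars and multi-valued attributes compare the same way.
        $expected = ConvertTo-Json -InputObject $src.$name -Compress -Depth 5
        $prop     = $dst.PSObject.Properties[$name]
        if ($null -eq $prop) {
            $status = 'Missing'; $actual = $null
        } else {
            $actual = ConvertTo-Json -InputObject $prop.Value -Compress -Depth 5
            if ($actual -ceq $expected) { continue }   # identical, nothing to report
            $status = 'Different'
        }
        [pscustomobject]@{ Attribute = $name; Status = $status; Expected = $expected; Actual = $actual }
    }
}

# Constructed sample data: the template as exported from the source environment.
$source = @'
{
  "displayName": "Lab Web Server",
  "msPKI-Cert-Template-OID": "1.2.3.4.5.111",
  "msPKI-RA-Signature": 0,
  "msPKI-RA-Application-Policies": ["CONSTRUCTED-POLICY-VALUE"],
  "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"]
}
'@
# Constructed sample data: the same template after import, missing one attribute.
$imported = @'
{
  "displayName": "Lab Web Server",
  "msPKI-Cert-Template-OID": "1.2.3.4.5.222",
  "msPKI-RA-Signature": 0,
  "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"]
}
'@
Compare-TemplateAttribute -SourceJson $source -ImportedJson $imported | Format-Table -AutoSize
```

In a pipeline, an empty result from this comparison can gate publishing the template to the CA; the second JSON document would come from exporting the freshly imported template again.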

heinejeppesen commented 1 year ago

So it seems this issue is fixed here on GitHub two years ago, but the module on PSGallery hasn't been updated with the fix. Unfortunately this makes it rather difficult to use in automated ways. :-(

We build our environments using a Bicep pipeline and Azure Automation DSC, where modules are imported automatically from PSGallery.

Would be really nice if the updated code was pushed to PSGallery ;-)

msilveirabr commented 1 year ago

@heinejeppesen There have been minor updates indeed. @GoateePFE Would you kindly get PSGallery ADCSTemplate version updated to the GitHub one? I guess this will require a 1.0.1.1 version bump ;)

Geo-Ron commented 7 months ago

The issue has been fixed in commit aa7ce02302d784880ef6d0b58d1ecfbe49070d24

@GoateePFE would you please update the PSGallery edition?

msilveirabr commented 4 months ago

@GoateePFE We beg you to update the PSGallery with the latest update, pleeeeease 🙏🏼 😇

GoateePFE commented 3 months ago

Hello everyone. It's been years since I looked at this. I took several hours today to get my head kinda back in the game enough to commit your pull requests and publish the changes to the PowerShell Gallery under version 1.0.1.1. Please update the module and test to see if it works as needed now. Also, I would love to hand this project off to someone else to own, maintain, and update the gallery. If anyone is interested, I would be happy to make you the owner in the gallery. Thanks.

GoateePFE commented 3 months ago

@msilveirabr @Geo-Ron @heinejeppesen Please see above.