search

PKISolutions / PSPKI

PowerShell PKI Module
Microsoft Public License
389 stars 59 forks source link

Fix: Submit-CertificateRequest #187

Closed karthikeyanrathore closed 1 year ago

karthikeyanrathore commented 1 year ago 
CCertRequest::Submit: The format of the specified domain name is invalid. 0x800704bc (WIN32: 1212 \\r\\nERROR_INVALID_DOMAINNAME)\\r\\nAt C:\\\\Program Files\\\\WindowsPowerShell\\\\Modules\\\\PSPKI\\\\3.7.2\\\\Client\\\\Submit-CertificateRequest.ps1:71 char:5\\r\\n+ ...             $Status = $CertRequest.Submit(0xff,$Request,$strAttribute ...\\r\\n+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\r\\n    + CategoryInfo          : OperationStopped: (:) [], COMException\\r\\n    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException\\r\\n \\r\\n')"
Crypt32 commented 1 year ago

Can you provide more details?

karthikeyanrathore commented 1 year ago

Yea, Basically i have a powershell script and a python flask script which runs the powershell script. The flask script is hosted on the IIS server. The powershell script is to just submit certificate request. This works locally on windows but when i host it on the ISS server it fails ? do you know, what might be the issue?

Crypt32 commented 1 year ago

This is still vague description. What is ISS server? What PS commands you execute (exact syntax)? Can you provide your request file?

karthikeyanrathore commented 1 year ago

I think this issue is not related to PSPKI its something to do wth certsrv. I'm looking into it.

karthikeyanrathore commented 1 year ago

Hi @Crypt32 coundn't find the solution to the problem.

PS cmd:

$ca = Connect-CertificationAuthority;
$csr_path = $args[0];
Submit-CertificateRequest -Path "$csr_path" -CA $ca -Attribute "CertificateTemplate:WebServer" ;

CSR:

-----BEGIN CERTIFICATE REQUEST-----
MIIEnjCCAoYCAQAwWTELMAkGA1UEBhMCeHgxCzAJBgNVBAgMAnh4MQswCQYDVQQH
DAJ4eDELMAkGA1UECgwCeHgxDTALBgNVBAsMBFRlc3QxFDASBgNVBAMMC3BzcGtp
X2NoZWNrMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA6l7K1U1cV/ab
B54TZh7jJiZQ7tXfPu7X1M92c+bSKflTOkzCNWUM7Q3nqSSBJ2tpWngsiSN8tWkS
nKtvSgyotHkYtn+5VNsy59JPf50F4+74/o8mN6kpokgFc6ds32dhpldiPyA6FHO9
FlNE4UwjwwYQjzzEA9KQWAdTTodnQb6Zj/1X+B0K7tXpj4QyWQ6j+WLI5NhzOHkV
WItTmH14+TlJHQG0tvFhiNJBAQIx3S/JpaNhrhLa3cVqb1vDgZ7uHLGGchL7xQqi
xvJzhYovquZaQOKsVG8AyzAai2vPzJqLRTWZM9z2RxicRuLfQyGgSmz9v1Ks3f3X
FqWLGY0PQzJaN2tA39viLmfNmpwpTGjC1DyQWCNIKex6P5cOTNG1L+r02/pPX8U8
GANP7txA2fKO0yA5Fmmsj3VRBY5ypvvyLOkMhxIqxE/P7RBUw+LlFaJ0pkGxzZdq
SboalT7mC0fMLB8SB+HUxKZLwzmnll9y36smP9FeKTTlNflOshq/ob6CATo5qIFN
tNWrpYs3bm+bFDa/HPX2P2V225QUDLurRicWJcspDmV/tENfii7cmD30eTUbGYaq
z94BjdS4wIlW2utBgBDoUIfvXUWBq0gY7/mo2CIs4p34Bnh1Y10b0G/c5ecmt28K
fuuqvQ8TemrjA5GeshDh+SRerTHxQw0CAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IC
AQDklM0aAtP5/utvN5KLgAM05HIAlwdEGvhvVytcgnkKrXms7UzqRioYGm9IEbga
mJW0accKSawNA9NVz7oQ6aYtnQzHG2AWqEKDJTK1wCG0YT3Gd2uMDWbdXmRUYQmw
pkNYIXHG9TlOEQ6Ktj6QN6fk796GwzPYf/ZTChurk6BbP1NNMKphkuSUAQbka/kB
iIGIq4K7nTIGd6syOwW3X9cHX/EBN6cMAwhgE5MwLUqW6eZuIKUEgmlIXpGdrHKo
8luMkSSeieSkZxuxU6KnkA4a/ORsm441MY9uEoy0S65PbgIdlCg7Yp9bR4W10qoH
bvCNuDZ1AEIAkT9NXhmLW//zGuiKSQT3M5BF2wLgBa9ihJFw4HLPYaZY0ECgPh5S
8OUbdfUww8B+4lakpkyzb0Oax/XfoOyWfx6usRmFhUUF4Am+1fILJtBcRMe8NdRk
fPNNEwhtoR0vCmFEDguAxsfw9q7l+8zhs17gt8ntV8KWcBFeaqi0tq0Ti5jDeeyb
HPdu/04tBkLzfwtFsp3zIbdhcOd9mFDnhbqXjZjVkMIrd7wCzRu6PVQ1AQohrfg+
4caWWUl44+psY5iyM4vJjU47kmkgW68Fka0ZtelbT5St7k9NnNi5gFS5WrRa8kCk
RsqYGTbAaaM7aLf3P8q1regPwh0+I8EYxFySOLtSkJFWQg==
-----END CERTIFICATE REQUEST-----

ISS is a program provided by windows to host applications. In order to host to python/flask apps this is the only way to do it.

The problem is when i run the server locally (inside the windows server) and test PS cmd, it works successfully. but then when i do the same operation using windows DNS server ip address (hosted on ISS sever) it shows:

'Exception: CCertRequest::Submit: The format of the specified domain name is invalid. 0x800704bc (WIN32: 1212 \\r\\nERROR_INVALID_DOMAINNAME)\\r\\nAt C:\\\\Program 

Files\\\\WindowsPowerShell\\\\Modules\\\\PSPKI\\\\3.7.2\\\\Client\\\\Submit-CertificateRequest.ps1:71 char:5\\r\\n+ ...             $Status = $CertRequest.Submit(0xff,$Request,$strAttribute ...\\r\\n+                 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\\r\\n    + CategoryInfo          : OperationStopped: (:) [], COMException\\r\\n    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException\\r\\n \\r\\n')"

Is there any specific requirements you know that must be specified or should be correct before submitting CSR.

-- > problem --> CertRequest.Submit --> https://github.com/PKISolutions/PSPKI/blob/master/PSPKI/Client/Submit-CertificateRequest.ps1#L71

Thanks.

Crypt32 commented 1 year ago

ISS is a program provided by windows to host applications

then it is IIS, not ISS.

but then when i do the same operation using windows DNS server ip address

what does it mean? Where you use IP address?

karthikeyanrathore commented 1 year ago

I have a windows instance / Server running on AWS. Inside the Server there is IIS application which helps me host my flask server and from my local machine i access the API (flask application) using Public DNS of windows instance provided by AWS. Does this make sense ?

karthikeyanrathore commented 1 year ago

I think the issue is with this IIS application. But i m not able to debug this error:

CCertRequest::Submit: The format of the specified domain name is invalid
karthikeyanrathore commented 1 year ago

Ahh, Sorry for the trouble, the issue was with IIS Manager. Had to make changes in the Application Pool.

If above solution is not working maybe try this: https://stackoverflow.com/questions/36050230/code-works-on-local-machine-but-not-on-iis