Open hubkae opened 1 month ago
Hi @hubkae! The auditing and ESC6 checks rely on the certutil utility. Depending on the configuration of your CA, you may not be able to pull this information with your current user account.
Do you control an account with higher-level privileges? If so, I'd love to see what results you receive by running Locksmith with that account.
Thank you for using Locksmith. ❤️
Hi @TrimarcJake,
I've tried to run it as (local) Admin/domain user ... possible that this account has not got the needed permissions. Is there documentation on what permissions are needed for a smooth run of Locksmith?
I don't wanna run it as Domain Admin tbh ...
Thanks for providing and maintaining this great tool ... !!
Heyo, sorry for the slow response. Honestly, there's no single set of rights/permissions necessary that you need to fully utilize Locksmith.
Instead, I think it's best to give required permissions for each piece OR provide better explanations about why various checks fail. If you're interested in doing user acceptance testing, writing code, or even just documenting permissions needed for proper execution, I'd love to chat with you!
@hubkae, do you have a preferred private communication method? I'd like to ask some more specific questions about your PKI that may explain this situation but also may reveal weakness.
Hi,
When running Locksmith I always got an issue "CA Unavailable" although it is obviously running (Auditing and ESC6).
I also got some ESC4 results but I am not sure where the "Unavailable" error comes from.
It's a 2-tier PKI (Root offline - SubCA online).
Thanks and Regards