search

Venafi / VenafiPS

Powershell module to fully automate your Venafi TLS Protect Datacenter and Cloud platforms!
https://venafips.readthedocs.io/
Apache License 2.0
18 stars 7 forks source link

Issuer does not work with Find-Venaficertificate #146

Closed wilddev65 closed 1 year ago

wilddev65 commented 1 year ago

It's not possible to make a query for an Issuer using FindCertificate; Find-VenafiCertificate -Issuer "C=US, S=Texas, L=Houston, OU=ISS, O=Hewlett Packard Enterprise, CN=Default Issuer (Do not trust)" -Verbose VERBOSE: Session is VenafiSession VERBOSE: {"ContentType":"application/json","UseBasicParsing":true,"Method":"Get","Uri":"https://selina.pki-warrior.com/vedsdk/certificates/","Headers":{"Authorization":"***hidden***"},"Body":{"Limit":1000,"Issuer":"C=US, S=Texas, L=Houston, OU=ISS, O=Hewlett Packard Enterprise, CN=Default Issuer (Do not trust)"}} VERBOSE: GET https://selina.pki-warrior.com/vedsdk/certificates/?Limit=1000&Issuer=C=US,+S=Texas,+L=Houston,+OU=ISS,+O=Hewlett+Packard+Enterprise,+CN=Default+Issuer+(Do+not+trust) with 0-byte payload VERBOSE: received 52-byte response of content type application/json; charset=utf-8 VERBOSE: Total number of records for this query: 0

Output from Postman: GET https://{{tpp_server}}/vedsdk/Certificates/?Issuer="C=US, S=Texas, L=Houston, OU=ISS, O=Hewlett Packard Enterprise, CN=Default Issuer (Do not trust)" {"Certificates":[{"CreatedOn":"2022-09-09T17:12:32.8686503Z","DN":"\VED\Policy\Certificates\vndcdfxphpovd04.ual.com\ILO2M27490305","Guid":"{8a54a6c6-7328-4c96-a590-7a901ff5c246}","Name":"ILO2M27490305","ParentDn":"\VED\Policy\Certificates\vndcdfxphpovd04.ual.com","SchemaClass":"X509 Device Certificate","X509":{"CN":"ILO2M27490305","SANS":{"DNS":["ILO2M27490305"]},"Serial":"6F2D5E4B32C15736","Thumbprint":"0A3FE89A98B1E94B41D053D33F9F7C0E7FE75CE0","ValidFrom":"2017-12-10T04:47:02.0000000Z","ValidTo":"2032-12-09T04:47:02.0000000Z"},"_links":[{"Details":"\/vedsdk\/certificates\/%7b8a54a6c6-7328-4c96-a590-7a901ff5c246%7d"}]}],"DataRange":"Certificates 1 - 1","TotalCount":1}

It seems that this function isn't formatting the query in the way that TPP is expecting, with quotes around the whole string and no + instead of space.

wilddev65 commented 1 year ago

It appears the issue is that the input needs to be fully quoted; Find-VenafiCertificate -Issuer '"C=US, S=Texas, L=Houston, OU=ISS, O=Hewlett Packard Enterprise, CN=Default Issuer (Do not trust)"' -Verbose This works with the additional ' around the string. VERBOSE: Session is VenafiSession VERBOSE: {"ContentType":"application/json","UseBasicParsing":true,"Method":"Get","Uri":"https://selina.pki-warrior.com/vedsdk/certificates/","Headers":{"Authorization":"***hidden***"},"Body":{"Limit":1000,"Issuer":"\"C=US, S=Texas, L=Houston, OU=ISS, O=Hewlett Packard Enterprise, CN=Default Issuer (Do not trust)\""}} VERBOSE: GET https://selina.pki-warrior.com/vedsdk/certificates/?Limit=1000&Issuer="C=US,+S=Texas,+L=Houston,+OU=ISS,+O=Hewlett+Packard+Enterprise,+CN=Default+Issuer+(Do+not+trust)" with 0-byte payload VERBOSE: received 686-byte response of content type application/json; charset=utf-8 VERBOSE: Total number of records for this query: 1

gdbarron commented 1 year ago

It does need double quotes.... image