gdbarron / VenafiTppPS

Deprecated, see VenafiPS project. PowerShell module to access the features of Venafi Trust Protection Platform REST API
MIT License

Error when using New-TppCertificate command #103

Closed macflurry7 closed 4 years ago

macflurry7 commented 4 years ago

I'm using that command and I'm getting this (warning I think)

Get-TppObject: /MY_PATH/Modules/VenafiTppPS/1.2.5/Public/New-TppCertificate.ps1:225
Line |
 225 | $response.CertificateDN | Get-TppObject
     | ~~~~~
     | Find all matching subordinate Distinguished Names failed; ObjectDoesNotExist.

I think it is a warning cause I'm getting the cert created OK although receiving this... Is it anything I can ignore then?

gdbarron commented 4 years ago

Hi @macflurry7. I'm not sure which command you are referring to. Can you paste the command and a verbose run of it here? Thanks.

macflurry7 commented 4 years ago

Hello again @gdbarron. Command is this:

New-TppCertificate -Path $path -Name $cn -CommonName $cn -ManagementType "Enrollment" -SubjectAltName @{'DNS'=$cn} -PassThru -Confirm:$false -v

and this is the verbose (Cert is being created though)

VERBOSE: ValidUntil: 6/8/2020 1:21:32 PM, Current (+2s): 6/8/2020 1:19:01 PM
VERBOSE: Performing the operation "Create new certificate" on target ""PATH".
VERBOSE: { "Headers": { "X-Venafi-Api-Key": "KEY" }, "Uri": "URI", "Method": "Post", "ContentType": "application/json", "Body": "{\n \"ObjectName\": \"CERT\",\n \"Subject\": \"CERT\",\n \"PolicyDN\": \"\$policydn",\n \"ManagementType\": \"Enrollment\",\n \"SubjectAltNames\": [\n {\n \"TypeName\": \"DNS\",\n \"Name\": \"CERT\"\n }\n ]\n}" }

VERBOSE: POST URL with 302-byte payload
VERBOSE: received 165-byte response of content type application/json
VERBOSE: Content encoding: utf-8
VERBOSE: CertificateDN Guid


CERTIFICATEDN {GUID...}

VERBOSE: ValidUntil: 6/8/2020 1:21:32 PM, Current (+2s): 6/8/2020 1:19:02 PM
VERBOSE: { "Headers": { "X-Venafi-Api-Key": "KEY" }, "Uri": "URI", "Method": "Post", "ContentType": "application/json", "Body": "{\n \"ObjectDN\": \"$PATH",\n \"Pattern\": \"CERT\"\n}" }

VERBOSE: POST URI with 126-byte payload
VERBOSE: received 115-byte response of content type application/json
VERBOSE: Content encoding: utf-8
Get-TppObject: PATH/VenafiTppPS/1.2.5/Public/New-TppCertificate.ps1:225
Line |
 225 | $response.CertificateDN | Get-TppObject
     | ~~~~~
     | Find all matching subordinate Distinguished Names failed; ObjectDoesNotExist.

macflurry7 commented 4 years ago

BTW @gdbarron, if it can help you, I'm running Get-TppObject -path 'certDN' and it is giving me the same output... with a cert that already exists. Hope this can help you

Output: "Get-TppObject: Find all matching subordinate Distinguished Names failed; ObjectDoesNotExist."

gdbarron commented 4 years ago

The format of the path should be similar to \ved\policy\folder\folder\cert. Is this what you are seeing? Any spaces, odd characters, etc? Somehow I need to see the path without you divulging anything private.

macflurry7 commented 4 years ago

Yep @gdbarron, of course the path is like that, and no, there isn't any strange character... thing is that running the same command with one existing cert is giving me the same error

Path, for example: \VED\Policy\XXX\Certificates\XXX\XXX\CERT

macflurry7 commented 4 years ago

Moreover, I think that Get-TppObject there is not needed... if it is to check that the cert has been already created another check could be run...

gdbarron commented 4 years ago

Do the values for ObjectDN and Pattern look correct? ObjectDN should be \VED\Policy\XXX\Certificates\XXX\XXX and Pattern should be CERT.

I try and standardize with the TppObject class so it can be shared across functions easily which is why I make that call. In this instance, in thinking about it, I have all the info needed already to create the object. I could generate a TppObject without calling Get-TppObject.

Keep in mind, that step is only performed when providing -PassThru so excluding that param will bypass this. It obviously doesn't fix the issue, but is a viable workaround.
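One way to act on the two requests above (show the shape of the path without revealing it, and compare it with the ObjectDN and Pattern in the verbose trace), as an added example that is not part of this thread or of VenafiTppPS. `Get-RedactedDnShape` and its output property names are hypothetical, and the sample path is constructed.

```powershell
# Added example, not VenafiTppPS code. Get-RedactedDnShape is a hypothetical helper.
function Get-RedactedDnShape {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string] $Path
    )
    process {
        # Non-printable or non-ASCII characters are rendered as their code point
        # so invisible or look-alike characters stand out.
        [System.Text.RegularExpressions.MatchEvaluator] $toCodePoint = {
            param($m) '<U+{0:X4}>' -f [int][char]$m.Value
        }
        # Mask content but keep structure: ASCII letters -> X, ASCII digits -> 9.
        $mask = {
            param([string] $s)
            $s = $s -creplace '[A-Za-z]', 'X' -creplace '[0-9]', '9'
            $s = [regex]::Replace($s, '[^\x20-\x7E]', $toCodePoint)
            $s -replace ' ', '<SP>'
        }

        # Split at the last backslash: parent folder (ObjectDN) and leaf name (Pattern).
        $cut      = $Path.LastIndexOf('\')
        $parent   = if ($cut -gt 0) { $Path.Substring(0, $cut) } else { '' }
        $leaf     = $Path.Substring($cut + 1)
        $segments = @($Path -split '\\')

        [pscustomobject]@{
            ObjectDN          = & $mask $parent
            Pattern           = & $mask $leaf
            StartsWithVed     = $Path -like '\VED\*'
            # Empty segments come from doubled or trailing backslashes.
            EmptySegments     = @($segments | Select-Object -Skip 1 |
                                    Where-Object { $_ -eq '' }).Count
            # Segments with leading or trailing whitespace.
            PaddedSegments    = @($segments | Where-Object { $_ -ne $_.Trim() }).Count
            NonAsciiOrControl = $Path -match '[^\x20-\x7E]'
        }
    }
}

# Constructed sample: one folder ends with a space and the leaf contains U+00A0.
$sample = '\VED\Policy\Team 1\Certificates \web' + [char]0x00A0 + '01.example.com'
Get-RedactedDnShape -Path $sample | Format-List
```

The masked `ObjectDN` and `Pattern` values can be pasted into an issue and compared segment by segment with the request body in the `-Verbose` output.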

macflurry7 commented 4 years ago

Yes, it is like that, but I can't understand why running the same command with an existing cert breaks too, for example.

However, that workaround is a good one. Good point here @gdbarron

gdbarron commented 4 years ago

The only other option I can think of is for the 2 of us to have a screen share, if possible. I'd love to get this fixed, but understand the sensitive nature of the data.

macflurry7 commented 4 years ago

Mmm, I think it is not needed because I won't use the passthru option and that is all. FYI, I'm getting the same running Get-TppObject -Path 'DNCertPATH'