When a certificate is requested with -web, the AD CS web API is currently accessed using IP addresses with the hostname in the host header. This can sometimes fail, probably because IIS checks the TLS-SNI instead of the host header depending on the configuration. With this PR, the hostname is used in the url passed to requests such that the TLS-SNI can be set accordingly. As I understand it, self.target.remote_name contains the IP if the hostname cannot be determined, so it should not break anything.
When a certificate is requested with
-web
, the AD CS web API is currently accessed using IP addresses with the hostname in the host header. This can sometimes fail, probably because IIS checks the TLS-SNI instead of the host header depending on the configuration. With this PR, the hostname is used in the url passed torequests
such that the TLS-SNI can be set accordingly. As I understand it,self.target.remote_name
contains the IP if the hostname cannot be determined, so it should not break anything.