New Post: Add SAN names to existing request

April 13, 2015, 8:02 am

≫ Next: New Post: Add SAN names to existing request

≪ Previous: New Post: Add SAN names to existing request

Sorry I posted the wrong CSR. In the CSR I had attached, I had added in the SAN information. Below is the CSR I was testing with that through the error.

-----BEGIN NEW CERTIFICATE REQUEST-----
MIIFJjCCBA4CAQAwVjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMREwDwYDVQQH
DAhTb21lcnNldDEPMA0GA1UECgwGU0hJTGFiMRYwFAYDVQQDDA10cy5zaGlsYWIu
Y29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xI7Et+KD/v/5vfm
mqm00NXPT2Mt/Aruku+L4AxLd8wRpz01YoS8um7Cq+KTxKE1hciX1llpMZz5rHgP
DWrFS4NW+ZiNG9gyciYtZ3K6Ep3mCg26CygtwMPZ46eyn8OCTnooW9bkRMSrpDLb
pWHoeZSh3JDOVwKS2DQdFrCz+eQKVOWWnOpaFzfTMDuX2f0S5yN8BpDI8CqtRRwg
5TyOrpETDZCj3q5EXlqltjuFxYht59Y/b4KDbmRspUNFd4dY7xJRoIFhKRNHGc18
xSQbLtZt2FXDL5PHLLnJB2RbDtIl1osGiQMxkPsbtfCNovkiAZ3/QqtcDZA7/xhG
MmLrBQIDAQABoIICiTAaBgorBgEEAYI3DQIDMQwWCjYuMi45MjAwLjIwRgYJKwYB
BAGCNxUUMTkwNwIBCQwYc2hpbGFicmRwZ3cuc2hpbGFiLmxvY2FsDA9TSElMQUJc
ZG1hcnF1ZXMMB2NlcnRyZXEwcgYKKwYBBAGCNw0CAjFkMGICAQEeWgBNAGkAYwBy
AG8AcwBvAGYAdAAgAFIAUwBBACAAUwBDAGgAYQBuAG4AZQBsACAAQwByAHkAcAB0
AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgMBADB0BgorBgEEAYI3
DQIBMWYwZB4mAEMAZQByAHQAaQBmAGkAYwBhAHQAZQBUAGUAbQBwAGwAYQB0AGUe
OgBTAEgASQBMAGEAYgBTAGEAbgBXAGUAYgBTAGUAcgB2AGUAcgBDAGUAcgB0AGkA
ZgBpAGMAYQB0AGUwggE3BgkqhkiG9w0BCQ4xggEoMIIBJDA9BgkrBgEEAYI3FQcE
MDAuBiYrBgEEAYI3FQiBrMMwhJjnQIfllRDzyB+Ds94egQGG8/hehfeCMgIBZAIB
DDAbBgkrBgEEAYI3FQoEDjAMMAoGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAd
BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIweAYJKoZIhvcNAQkPBGswaTAO
BggqhkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAsGCWCGSAFlAwQBKjALBglg
hkgBZQMEAS0wCwYJYIZIAWUDBAECMAsGCWCGSAFlAwQBBTAHBgUrDgMCBzAKBggq
hkiG9w0DBzAdBgNVHQ4EFgQUhcII8/0JOtMkgw9RgkKfNYGL/q8wDQYJKoZIhvcN
AQEFBQADggEBAB9qQdIRVUdfrnB2Y4+XhjIaPTyPWkp9kBqWJ83wAX4XKq9Q3Zyh
W1X/hmFiiR6NxxdaCMYQoWm/XcUHecrcQAZKg4XTnXd9ns+KcM8+K1Z/ep5FJrmn
8QzPPLdrRGFjUY51GgHNiaPf+EA22xWzz7IdmGcRkDeK8XpGr56MKgitmwx1isgA
fVJVP6MR8I1r/Ug+jfDK01ixi/5bHzSnVj98jwHZPCQ4FTYMSOrUmwfZfKGI2ZAg
eshrlnP1Lvqh3fmBiypSoLR5xDPGWSWZo4rVewwQXszaH6Ww51n8xDPgktnhHxIW
MWFp3rg8F76cTd+eeUfXtXwRkJGZ+7uZO6Y=
-----END NEW CERTIFICATE REQUEST-----

In this CSR there is no SAN information, only the subject of ts.shilab.com. I would like to add SAN names to the request. Below is the error I was getting

Exception calling "DecodeDerString" with "1" argument(s): "Index was outside the bounds of the array."
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\pspki\Server\Set-CertificateExtension.ps1:35 char:6
+                     $derValue = [PKI.ASN.ASN1]::DecodeDerString($ext.RawData)
+                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IndexOutOfRangeException
 
Exception calling "SetCertificateExtension" with "6" argument(s): "CCertAdmin::SetCertificateExtension: The data is invalid. 
0x8007000d (WIN32: 13 ERROR_INVALID_DATA)"
At C:\Windows\system32\WindowsPowerShell\v1.0\Modules\pspki\Server\Set-CertificateExtension.ps1:37 char:7
+                         $CertAdmin.SetCertificateExtension($Req.ConfigString,$Req.RequestID,$ext.O ...
+    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : ComMethodTargetInvocation

The process I'm following is:
1) CSR is generated
2) CSR submited to subordinate enterprise CA
3) Use Set-CertificateExtension to add SAN names to request
4) Approve request
5) Send certificate to end user

I have run certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 on my subordinate CA and restarted services.

↧

New Post: Add SAN names to existing request

April 13, 2015, 8:13 am

≫ Next: New Post: Add SAN names to existing request

≪ Previous: New Post: Add SAN names to existing request

I have run certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2 on my subordinate CA and restarted

please, remove this setting immediately.

I will check what is wrong with BSTR.

↧

New Post: Add SAN names to existing request

April 13, 2015, 8:23 am

≫ Next: New Post: Add SAN names to existing request

≪ Previous: New Post: Add SAN names to existing request

I've removed the setting. I thought it was required if I wanted to add SAN names to CSRs that do not have them in the CSR encoded data.

↧

New Post: Add SAN names to existing request

April 13, 2015, 8:26 am

≫ Next: New Post: Encoding a custom extension so Windows recognizes it

≪ Previous: New Post: Add SAN names to existing request

this setting was necessary to submit SAN as attribute, not authenticated extension. This setting opens a big hole in your PKI, because any request can pass arbitrary SAN value. And impersonate any user.

↧

New Post: Encoding a custom extension so Windows recognizes it

May 7, 2015, 4:27 am

≫ Next: New Post: Encoding a custom extension so Windows recognizes it

≪ Previous: New Post: Add SAN names to existing request

Gents,

I have successfully encoded and added a custom extension to requests, which then show flagged as the OID is named in Active Directory. E.g.

certutil -f -oid 1.2.3.4.5.6.7.8 "Some Extension" 1033

I then encode the extension as a DER string and add it to the pending request. After issuing the certificate, the extension is shown as hex.

Some Extension 6b 00 03 04 03 ...

Is there a way to display it in a more readable way? I am adding an email-address btw. If I click on the field, the value is encoded / displayed with dots between each character.

Nothing serious, but maybe someone knows :)

Thanks,

MMF

↧

New Post: Encoding a custom extension so Windows recognizes it

May 7, 2015, 6:07 am

≫ Next: New Post: Encoding a custom extension so Windows recognizes it

≪ Previous: New Post: Encoding a custom extension so Windows recognizes it

No, because CryptoAPI has no definition for custom extensions, so it displays their value as hex dump.

↧

New Post: Encoding a custom extension so Windows recognizes it

May 7, 2015, 6:12 am

≫ Next: Commented Unassigned: Changes to Module Requirements?? [74]

≪ Previous: New Post: Encoding a custom extension so Windows recognizes it

Thanks Camelot, much appreciated. Then that's the way I will go :)

↧

Commented Unassigned: Changes to Module Requirements?? [74]

May 18, 2015, 4:15 am

≫ Next: Commented Unassigned: Changes to Module Requirements?? [74]

≪ Previous: New Post: Encoding a custom extension so Windows recognizes it

Hi All,

I have been happyily importing and approving Certificates via powershell script until this week, when I get the following error:

Import-Module : The specified module 'PSPKI' was not loaded because no valid module file was found in any module directory.
At \\HHH.int\DATA\IT\UK\SD\AccessControl\SecurityDocuments\Falcon\Issue MAC Certificate.ps1:1 char:14
+ Import-Module <<<< PSPKI
+ CategoryInfo : ResourceUnavailable: (PSPKI:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand

Only change I can think off is that im running Powershell v1.0 and the PSPKI module now says its intended for Powershell v3.0, when did the module requirements change? from what i remember I have been using the PSPKI module for over a year without issue.

Patches and Updates to new versions are tightly controlled in my company so I dont have the option of updating to v3.0. the best they can do is v2.0 is there a older module that will work on 1 or 2

Thanks in advance
Comments: The PSPKI modules, by default, are installed in a user's "My Documents" folder. Once they are placed in in the PowerShell Module Path they will work. To find the modules path, expose the PSModulePath environment variable: From a command prompt execute "set PSModulePath" (without quotes) PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ Next, copy the files and folders from the PSPKI Modules folder into the PSModulePath. "copy C:\Program Files\Sysadmins LV\PowerShell\Modules C:\Windows\System32\WindowsPowerShell\v1.0\Modules"

↧

Commented Unassigned: Changes to Module Requirements?? [74]

May 18, 2015, 5:10 am

≫ Next: New Post: Accessing Request.Disposition - Bug?

≪ Previous: Commented Unassigned: Changes to Module Requirements?? [74]

↧

New Post: Accessing Request.Disposition - Bug?

May 19, 2015, 11:06 pm

≫ Next: New Post: Accessing Request.Disposition - Bug?

≪ Previous: Commented Unassigned: Changes to Module Requirements?? [74]

Hi all,

I am trying to access the attribute Request.Disposition of a pending request. Funnily enough I can see the attribute if I do the following:

$pending = get-pendingrequests -CA $ca -property *

$pending | fl

Request.Disposition 9

But if I want to access it, it always fails.

$pending.Request.Disposition

It works for other attributes e.g.

$pending.PublicKeyAlgorithm

I can use it via Select-Object -Expand-Property Request.Disposition, but I am curious why I cannot access it directly :)

Thanks

↧

New Post: Accessing Request.Disposition - Bug?

May 20, 2015, 6:09 am

≫ Next: New Post: Import-Module errors with Types on remote share

≪ Previous: New Post: Accessing Request.Disposition - Bug?

you have to enclose property name in quotes:

$pending."Request.Disposition"

↧

New Post: Import-Module errors with Types on remote share

May 27, 2015, 9:58 am

≫ Next: Created Unassigned: Import-Module errors with Types on remote share [83]

≪ Previous: New Post: Accessing Request.Disposition - Bug?

I am trying to import the module (ModuleVersion = '3.1.0.0') from a remote share. I would like to prevent the need to install the module on multiple workstations for security reasons.

I do not get the errors when the module is on a local drive, only when using a unc path or mapped drive.

Thank you.

PS C:\windows\system32> $PSVersionTable

Name Value

PSVersion 3.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.18444
BuildVersion 6.2.9200.16481
PSCompatibleVersions {1.0, 2.0, 3.0}
PSRemotingProtocolVersion 2.2

When I try to import the following errors are displayed:

PS C:\windows\system32> Import-Module PSPKI
Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(5) : Error in type "System.Security.Cryptography.Oid": The member Equal is
already present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+         Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Update-TypeData], RuntimeException
    + FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
   Command

Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(24) : Error in type "System.Security.Cryptography.Oid[]": The member AddOid
is already present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+         Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Update-TypeData], RuntimeException
    + FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
   Command

Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(43) : Error in type "System.Security.Cryptography.Oid[]": The member
RemoveOid is already present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+         Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Update-TypeData], RuntimeException
    + FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
   Command

Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(63) : Error in type
"System.Security.Cryptography.X509Certificates.X509ChainStatus": The member ToString is already
present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+         Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Update-TypeData], RuntimeException
    + FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
   Command

Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(74) : Error in type "System.Management.Automation.Signature": The member
SigningTime is already present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+         Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Update-TypeData], RuntimeException
    + FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
   Command

↧

Created Unassigned: Import-Module errors with Types on remote share [83]

June 2, 2015, 7:27 am

≫ Next: Commented Unassigned: Import-Module errors with Types on remote share [83]

≪ Previous: New Post: Import-Module errors with Types on remote share

(Reposting in the Issues area)

I am trying to import the module (ModuleVersion = '3.1.0.0') from a remote share. I would like to prevent the need to install the module on multiple workstations for security reasons.

I do not get the errors when the module is on a local drive, only when using a unc path or mapped drive.

Thank you.

PS C:\windows\system32> $PSVersionTable

Name Value
---- -----
PSVersion 3.0
WSManStackVersion 3.0
SerializationVersion 1.1.0.1
CLRVersion 4.0.30319.18444
BuildVersion 6.2.9200.16481
PSCompatibleVersions {1.0, 2.0, 3.0}
PSRemotingProtocolVersion 2.2

When I try to import the following errors are displayed:

```
PS C:\windows\system32> Import-Module PSPKI
Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(5) : Error in type "System.Security.Cryptography.Oid": The member Equal is
already present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+ Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Update-TypeData], RuntimeException
+ FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
Command

Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(24) : Error in type "System.Security.Cryptography.Oid[]": The member AddOid
is already present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+ Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Update-TypeData], RuntimeException
+ FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
Command

Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(43) : Error in type "System.Security.Cryptography.Oid[]": The member
RemoveOid is already present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+ Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Update-TypeData], RuntimeException
+ FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
Command

Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(63) : Error in type
"System.Security.Cryptography.X509Certificates.X509ChainStatus": The member ToString is already
present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+ Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Update-TypeData], RuntimeException
+ FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
Command

Update-TypeData : \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Types
\PSPKI.Types.ps1xml, \\UNC_Path\WindowsPowerShell\Modules\PSPKI\Ty
pes\PSPKI.Types.ps1xml(74) : Error in type "System.Management.Automation.Signature": The member
SigningTime is already present.
At \\UNC_Path\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:281
char:3
+ Update-TypeData $PSScriptRoot\Types\PSPKI.Types.ps1xml
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Update-TypeData], RuntimeException
+ FullyQualifiedErrorId : TypesXmlUpdateException,Microsoft.PowerShell.Commands.UpdateTypeData
Command
```

↧

Commented Unassigned: Import-Module errors with Types on remote share [83]

June 2, 2015, 12:16 pm

≫ Next: New Post: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character

≪ Previous: Created Unassigned: Import-Module errors with Types on remote share [83]

↧

New Post: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character

June 9, 2015, 3:22 am

≫ Next: New Post: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character

≪ Previous: Commented Unassigned: Import-Module errors with Types on remote share [83]

$vtemps | Where-Object {$_} | ForEach-Object {New-Object PKI.CertificateTemplat ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
- FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

People (not me) have created a number of templates whose displayname includes /

Thanks
Ernie

↧

New Post: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character

June 9, 2015, 8:39 am

≫ Next: Created Unassigned: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character [84]

≪ Previous: New Post: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character

can you show full invocation line?

↧

Created Unassigned: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character [84]

June 9, 2015, 9:29 am

≫ Next: New Post: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character

≪ Previous: New Post: Appear to be an error with Get-CertificateTemplate when the DisplayName of the Template include / character

Hello

I note then using Get-CertifcateTemplate it throws an error if the DisplayName of the template includes the / character

the error it throws is

New-Object : Exception calling ".ctor" with "1" argument(s): "Unknown error (0x80005000)"
At C:\Program Files\Sysadmins LV\PowerShell\Modules\pspki\Server\Get-CertificateTemplate.ps1:67 char:48
+ $vtemps | Where-Object {$_} | ForEach-Object {New-Object PKI.CertificateTemplat ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

People (not me) have created a number of templates whose displayname includes /

Thanks
Ernie

↧