Created Unassigned: Bad example for Set-CertificateTemplate [102]

November 23, 2016, 10:46 am

≫ Next: Reviewed: PowerShell PKI Module v3.2.6 (Nov 28, 2016)

≪ Previous: New Post: Least privileged user

First example is incorrect. Should be:

```
PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateACL | Add-CertificateTemplateAcl -User WebServerGroup -AccessType Allow -AccessMask Read, Enroll | Set-CertificateTemplateACL
```

Also, recommend adding example showing computer name, as it's non-obvious. For example:

```
PS C:\> Get-CertificateTemplate -Name WebServer | Get-CertificateTemplateACL | Add-CertificateTemplateAcl -User ServerName$ -AccessType Allow -AccessMask Read, Enroll | Set-CertificateTemplateACL
```

↧

Reviewed: PowerShell PKI Module v3.2.6 (Nov 28, 2016)

November 28, 2016, 1:06 pm

≫ Next: New Post: Error Funcion Get-Certification Authority

≪ Previous: Created Unassigned: Bad example for Set-CertificateTemplate [102]

Rated 5 Stars (out of 5) - Nicely done! Very handy module :)

↧

New Post: Error Funcion Get-Certification Authority

November 29, 2016, 1:54 am

≫ Next: New Post: Error Funcion Get-Certification Authority

≪ Previous: Reviewed: PowerShell PKI Module v3.2.6 (Nov 28, 2016)

I realize this thread is a little older, but since the original poster hasn't responded I can tell you what he's likely seeing - since I'm having the same issue:

PS C:\Users\Administrator\Desktop> Get-CertificationAuthority
Get-CertificationAuthority : The term 'Get-CertificationAuthority' is not recognized as the name of a cmdlet, function, script file, or
operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1

Get-CertificationAuthority
~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : ObjectNotFound: (Get-CertificationAuthority:String) [], CommandNotFoundException
- FullyQualifiedErrorId : CommandNotFoundException

PS C:\Users\Administrator\Desktop> Get-Command -Module PSPKI

CommandType Name Version Source

Alias Get-CRL 3.2.6.0 PSPKI
Alias Get-CTL 3.2.6.0 PSPKI
Alias Show-CRL 3.2.6.0 PSPKI
Alias Show-CTL 3.2.6.0 PSPKI
Function Convert-PemToPfx 3.2.6.0 PSPKI
Function Convert-PfxToPem 3.2.6.0 PSPKI
Function Get-CertificateContextProperty 3.2.6.0 PSPKI
Function Get-CertificateRequest 3.2.6.0 PSPKI
Function Get-CertificateRevocationList 3.2.6.0 PSPKI
Function Get-CertificateTrustList 3.2.6.0 PSPKI
Function Get-CryptographicServiceProvider 3.2.6.0 PSPKI
Function Get-EnrollmentPolicyServerClient 3.2.6.0 PSPKI
Function Get-ErrorMessage 3.2.6.0 PSPKI
Function Get-ObjectIdentifier 3.2.6.0 PSPKI
Function Get-ObjectIdentifierEx 3.2.6.0 PSPKI
Function New-SelfSignedCertificateEx 3.2.6.0 PSPKI
Function Ping-ICertInterface 3.2.6.0 PSPKI
Function Receive-Certificate 3.2.6.0 PSPKI
Function Register-ObjectIdentifier 3.2.6.0 PSPKI
Function Show-Certificate 3.2.6.0 PSPKI
Function Show-CertificateRevocationList 3.2.6.0 PSPKI
Function Show-CertificateTrustList 3.2.6.0 PSPKI
Function Start-PsFCIV 3.2.6.0 PSPKI
Function Submit-CertificateRequest 3.2.6.0 PSPKI
Function Test-WebServerSSL 3.2.6.0 PSPKI
Function Unregister-ObjectIdentifier 3.2.6.0 PSPKI

↧

New Post: Error Funcion Get-Certification Authority

November 30, 2016, 3:33 am

≫ Next: New Post: Remove-CertificateTemplate cmdlet returns writeErrorException

≪ Previous: New Post: Error Funcion Get-Certification Authority

...and the answer was? I'd not installed the server component. Works just fine now.

↧

New Post: Remove-CertificateTemplate cmdlet returns writeErrorException

December 28, 2016, 8:12 am

≫ Next: New Post: Error Funcion Get-Certification Authority

≪ Previous: New Post: Error Funcion Get-Certification Authority

Get-CertificateTemplate -displayname TestTemplate | Remove-CertificateTemplate
~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
- FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Remove-CertificateTemplate

I have applied Full Control permissions to this template to ensure that this is not a Security issue. I believe this execution pattern matches the examples in the cmdlet. Any guidance on a pattern that allows this cmdlet to work would be greatly appreciated.

↧

New Post: Error Funcion Get-Certification Authority

January 8, 2017, 11:24 am

≫ Next: Created Unassigned: Remove-CertificateTemplate cmdlet returns writeErrorException [103]

≪ Previous: New Post: Remove-CertificateTemplate cmdlet returns writeErrorException

It appears that only client component is installed, thus, no Get-CertificationAuthority cmdlet is available (because it is not installed).

↧

Created Unassigned: Remove-CertificateTemplate cmdlet returns writeErrorException [103]

January 8, 2017, 11:27 am

≫ Next: New Post: Remove-CertificateTemplate cmdlet returns writeErrorException

≪ Previous: New Post: Error Funcion Get-Certification Authority

I am using pspki version 3.2.6 on Server 2012 R2

I am attempting to remove a template that was previously imported to AD using the Import-CertificateTemplate.ps1 that Vadims published here: https://www.sysadmins.lv/blog-en/export-and-import-certificate-templates-with-powershell.aspx. This template imports without error and can be manually removed using the Certificate templates mmc.

I can view details of the template using the following:

Get-CertificateTemplate -displayname TestTemplate

When I attempt to delete the template I see the following error return:

PS C:\Users\Administrator> Get-CertificateTemplate -displayname TestTemplate | Remove-CertificateTemplate
Remove-CertificateTemplate : Unable to remove certificate template 'TestTemplate'
At line:1 char:44
+ Get-CertificateTemplate -displayname TestTemplate | Remove-CertificateTemplate
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Remove-CertificateTemplate

I have applied Full Control permissions to this template to ensure that this is not a Security issue. I believe this execution pattern matches the examples in the cmdlet. Any guidance on a pattern that allows this cmdlet to work would be greatly appreciated.

↧

New Post: Remove-CertificateTemplate cmdlet returns writeErrorException

January 8, 2017, 11:27 am

≫ Next: Created Unassigned: CAPI Issue when Attempting to Load Module [104]

≪ Previous: Created Unassigned: Remove-CertificateTemplate cmdlet returns writeErrorException [103]

This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.

↧

Created Unassigned: CAPI Issue when Attempting to Load Module [104]

January 12, 2017, 10:34 am

≫ Next: Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

≪ Previous: New Post: Remove-CertificateTemplate cmdlet returns writeErrorException

↧

Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

January 12, 2017, 10:35 am

≫ Next: New Post: Check Multiple OCSP Servers

≪ Previous: Created Unassigned: CAPI Issue when Attempting to Load Module [104]

↧

New Post: Check Multiple OCSP Servers

January 17, 2017, 5:52 am

≫ Next: Created Unassigned: get-certificationAuthority (error) [105]

≪ Previous: Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

I am using PSKI 3.2.6.0
Is it possible to check multiple OCSP server addresses to ensure they are working correctly? Here is what we have.
We have 8 Microsoft OCSP servers, named “server1.company.com” through “server8.company.com” sitting behind an F5 and load balanced across all 8 servers.
F5 DNS address ocsp.company.com
Our CA is configured with “http://ocsp.company.com/ocsp” url for OCSP.
I know I can use this to check the response
$file = "d:\TheCertificate.cer"
$cert = New-Object security.Cryptography.X509Certificates.X509Certificate2 $File
$Request = New-Object pki.ocsp.ocsprequest $cert
$Response = $Request.SendRequest()
$Response.ResponseStatus

However, the above uses the F5 address http://ocsp.company.com/ocsp from the certificate. Which is fine, however, is there a way to check each of the 8 server addresses in a script to make sure they are responding?
For example, how can you check http://server7.company.com/ocsp?

↧

Created Unassigned: get-certificationAuthority (error) [105]

February 14, 2017, 7:52 am

≫ Next: Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

≪ Previous: New Post: Check Multiple OCSP Servers

HI,

We are using a ADCS failover cluster, with only one server being active at a time. I am getting an error when trying to run the command get-certificaitonAuthority i get the following error: I can confirm the RPC service is running and certutil command line is working fine. I have a different system a single enterprise CA in another environment and PSPKI module works fine on that one. Could you please help me resolve this issue.

```

PSMessageDetails :
Exception : System.Management.Automation.MethodInvocationException: Exception calling "EnumEnterpriseCAs"
with "2" argument(s): "CCertAdmin::GetCAProperty: The RPC server is unavailable. 0x800706ba
(WIN32: 1722 RPC_S_SERVER_UNAVAILABLE)" ---> System.Runtime.InteropServices.COMException:
CCertAdmin::GetCAProperty: The RPC server is unavailable. 0x800706ba (WIN32: 1722
RPC_S_SERVER_UNAVAILABLE)
at CERTADMINLib.CCertAdminClass.GetCAProperty(String strConfig, Int32 PropId, Int32
PropIndex, Int32 PropType, Int32 Flags)
at PKI.CertificateServices.CertificateAuthority.getCaProperty()
at PKI.CertificateServices.CertificateAuthority.initialize()
at PKI.CertificateServices.CertificateAuthority.initializeFromConfigString(String
computerName, String name)
at PKI.CertificateServices.CertificateAuthority..ctor(String computerName, String name)
at PKI.CertificateServices.CertificateAuthority.EnumEnterpriseCAs(String findType, String
findValue)
at CallSite.Target(Closure , CallSite , RuntimeType , String , String )
--- End of inner exception stack trace ---
at
System.Management.Automation.ExceptionHandlingOps.ConvertToMethodInvocationException(Exception
exception, Type typeToThrow, String methodName, Int32 numArgs, MemberInfo memberInfo)
at CallSite.Target(Closure , CallSite , RuntimeType , String , String )
at System.Management.Automation.Interpreter.DynamicInstruction`4.Run(InterpretedFrame frame)
at
System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame
frame)
TargetObject :
CategoryInfo : NotSpecified: (:) [], MethodInvocationException
FullyQualifiedErrorId : COMException
ErrorDetails :
InvocationInfo : System.Management.Automation.InvocationInfo
ScriptStackTrace : at Get-CertificationAuthority, C:\Users\685461-Admin\Documents\WindowsPowerShell\Modules\PSPKI\
Server\Get-CertificationAuthority.ps1: line 14
at <ScriptBlock>, <No file>: line 1
PipelineIterationInfo : {}
```

↧

Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

February 22, 2017, 5:35 am

≫ Next: Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

≪ Previous: Created Unassigned: get-certificationAuthority (error) [105]

VERBOSE: Loading module from path 'C:\Program Files\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1'.
Write-ErrorMessage : Exception of type 'Microsoft.PowerShell.Commands.WriteErrorException' was thrown.At C:\Program Files\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:123 char:9
+ catch {Write-ErrorMessage -Source "CAPIUnavailable"}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotImplemented: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : NotImplementedException,Write-ErrorMessage

Comments: I am running Powershell v4 in Unrestricted mode on Windows 7 x64 as admin user after to have installed PSPKI, and I get exactly the same error while loading it : PS C:\Windows\system32> Import-Module PSPKI Write-ErrorMessage : Exception of type 'Microsoft.PowerShell.Commands.WriteErrorException' was thrown. At C:\Users\rgoeneau\Documents\WindowsPowerShell\Modules\PSPKI\PSPKI.psm1:122 char:9 + catch {Write-ErrorMessage -Source "CAPIUnavailable"} + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotImplemented: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : NotImplementedException,Write-ErrorMessage If I execute again Import-Module PSPKI it does not display anything. But PSPKI features (for example New-SelfSignedCertificateEx) are unavailable. Thanks

↧

Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

February 22, 2017, 7:52 am

≫ Next: Commented Unassigned: get-certificationAuthority (error) [105]

≪ Previous: Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

↧

Commented Unassigned: get-certificationAuthority (error) [105]

February 22, 2017, 7:55 am

≫ Next: Reviewed: PowerShell PKI Module v3.2.6 (Mar 21, 2017)

≪ Previous: Commented Unassigned: CAPI Issue when Attempting to Load Module [104]

↧

Reviewed: PowerShell PKI Module v3.2.6 (Mar 21, 2017)

March 21, 2017, 11:00 am

≫ Next: Created Unassigned: Setup Documentation Needed [106]

≪ Previous: Commented Unassigned: get-certificationAuthority (error) [105]

Rated 5 Stars (out of 5) - Very Nice! Using this for some custom monitoring via SCOM 2016!

↧

Created Unassigned: Setup Documentation Needed [106]

March 29, 2017, 12:20 pm

≫ Next: Commented Unassigned: Setup Documentation Needed [106]

≪ Previous: Reviewed: PowerShell PKI Module v3.2.6 (Mar 21, 2017)

I found my way here trying to get some other powershell script to work.

__It would be nice to have a small burb on the home page on what to do to get the scripts to work after you run the installer.__ (I run the installer and then try to run New-SelfSignedCertificateEx and it says it is not there.)

↧

Commented Unassigned: Setup Documentation Needed [106]

March 29, 2017, 12:35 pm

≫ Next: Commented Unassigned: Setup Documentation Needed [106]

≪ Previous: Created Unassigned: Setup Documentation Needed [106]

↧

Commented Unassigned: Setup Documentation Needed [106]

March 29, 2017, 1:00 pm

≫ Next: New Post: Get certificate information - AIA, CDP, Cert Template Information

≪ Previous: Commented Unassigned: Setup Documentation Needed [106]

↧

New Post: Get certificate information - AIA, CDP, Cert Template Information

March 30, 2017, 11:18 am

≫ Next: New Post: Get certificate information - AIA, CDP, Cert Template Information

≪ Previous: Commented Unassigned: Setup Documentation Needed [106]

Hi PSPKI Gurus,

Is it possible to query and extract via PSPKI (or other powershell-based) methods the following information from a certificate file.
I am not looking for certutil solution.
Currently using PSPKI 3.0

URL values for Authority Information Access (OID: 1.3.6.1.5.5.7.1.1)
I am looking to get the "URL=........." Information
URL values for the CRL Distribution Points (OID: 2.5.29.31)
I am looking to get the "URL=........." Information
Certificate Template Information (OID: 1.3.6.1.4.1.311.21.7)
I am looking to get the "Template=............." information

I can't seem to be able to get that information even if I use System.Security.Cryptography.X509Certificates.X509Certificate2.

Probably I am missing something obvious and I will appreciate the guidance.

↧