Channel: Public Key Infrastructure PowerShell module
Viewing all 729 articles

New Post: Get certificate information - AIA, CDP, Cert Template Information

By using the PSPKI module you can do this:

$cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 <arguments>
$extensions = [PKI.Utils.CLRExtensions]::ResolveExtensions($cert)
# retrieve URLs from CDP extension:
$extensions["2.5.29.31"].GetURLs()
# retrieve issuer URLs from AIA extension:
$extensions["1.3.6.1.5.5.7.1.1"].CertificationAuthorityIssuer
# retrieve OCSP URLs from AIA extension:
$extensions["1.3.6.1.5.5.7.1.1"].OnlineCertificateStatusProtocol
# retrieve certificate template information:
$extensions["1.3.6.1.4.1.311.21.7"]
HTH
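
For hosts where PSPKI is not installed, the same CDP and AIA URLs can be read from the raw extension bytes with plain .NET calls. This is an added example, not code from the post or from the PSPKI project; the function names `Get-DerUri` and `Get-CertStatusUrl` and the sample bytes are hypothetical and constructed for illustration.

```powershell
# Walk DER TLVs and emit every GeneralName [6] URI (tag 0x86), labelled with
# the last OID seen in the same SEQUENCE (for AIA this is the accessMethod).
function Get-DerUri {
    param([byte[]]$Der, [int]$Start = 0, [int]$End = -1)
    if ($End -lt 0) { $End = $Der.Length }
    $pos = $Start; $oid = $null
    while ($pos -lt $End) {
        $tag = $Der[$pos]; $len = [int]$Der[$pos + 1]; $pos += 2
        if ($len -band 0x80) {                       # long-form length
            $n = $len -band 0x7F; $len = 0
            for ($i = 0; $i -lt $n; $i++) { $len = ($len -shl 8) -bor $Der[$pos]; $pos++ }
        }
        if ($pos + $len -gt $End) { throw "Truncated DER at offset $pos" }
        if ($tag -eq 0x06) { $oid = [BitConverter]::ToString($Der, $pos, $len) }
        elseif ($tag -eq 0x86) {
            [pscustomobject]@{ Oid = $oid; Uri = [Text.Encoding]::ASCII.GetString($Der, $pos, $len) }
        }
        elseif ($tag -band 0x20) {                   # constructed: descend
            Get-DerUri -Der $Der -Start $pos -End ($pos + $len)
        }
        $pos += $len
    }
}

# List revocation and issuer endpoints of a certificate with their URL scheme,
# so unreachable schemes (for example ldap from outside the forest) stand out.
function Get-CertStatusUrl {
    param([Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # DER-encoded accessMethod OIDs: 1.3.6.1.5.5.7.48.1 and 1.3.6.1.5.5.7.48.2
    $kind = @{ '2B-06-01-05-05-07-30-01' = 'OCSP'; '2B-06-01-05-05-07-30-02' = 'CAIssuers' }
    foreach ($ext in $Cert.Extensions) {
        if ($ext.Oid.Value -notin '2.5.29.31', '1.3.6.1.5.5.7.1.1') { continue }
        foreach ($hit in Get-DerUri -Der $ext.RawData) {
            $type = if ($hit.Oid) { $kind[$hit.Oid] } else { 'CDP' }
            [pscustomobject]@{ Type = $type; Scheme = ($hit.Uri -split ':', 2)[0].ToLower(); Uri = $hit.Uri }
        }
    }
}

# Constructed sample: an AIA extension value holding one OCSP entry
# (built in place for this example, not taken from a real certificate).
$url  = [Text.Encoding]::ASCII.GetBytes('http://ocsp.example.test/')
$desc = [byte[]](@(0x06, 8, 0x2B, 6, 1, 5, 5, 7, 0x30, 1, 0x86, $url.Length) + $url)
$aia  = [byte[]](@(0x30, ($desc.Length + 2), 0x30, $desc.Length) + $desc)
Get-DerUri -Der $aia
```

With a real certificate object, `Get-CertStatusUrl -Cert $cert` returns one row per CDP, OCSP and CA issuer URL.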

Commented Unassigned: Connect-CertificationAuthority Error [89]

Hi,

I am using PSPKI Version 3.1. When running the following command, I get an error.

__Command:__
Connect-CertificationAuthority -ComputerName <servername>.<domain1>.com

__Error:__

New-Object : Exception calling ".ctor" with "1" argument(s): "CCertConfig::GetField: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)"
At C:\windows\system32\WindowsPowerShell\v1.0\Modules\pspki\Server\Connect-CertificationAuthority.ps1:13 char:4
New-Object PKI.CertificateServices.CertificateAuthority $CName
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

We have two domains. There is a two-way trust between the two domains. The server is on Domain 1.

What I have observed so far is:
If I log in with Domain 1, it's working fine.
However, if I am logged in to Domain 2, I am getting the above error.

I believe the reason for the error is that when I log in with Domain 2, by default my ADForest is that of Domain 2.

I can't find a way to switch the ADForest to Domain 1. I can't find any switch for 'Connect-CertificationAuthority', similar to Get-ADUser, that can specify which domain it should refer to.

Any help with this would be appreciated.

Thanks!!
Comments: Hi, I can also recreate this issue on 3.2.6. I have only tried with CAs in different forests so far. The user account has permissions to manage the CAs in both forests, but with PSPKI I can only connect to the CAs in the same domain. Let me know if there is anything I can do to assist with troubleshooting. Thanks in advance.

New Post: Adding Extensions to newly created certificates include the new extensions

Hello Vadims, I trust you are very well. Can you please help me with the following?

I need to create some certificates (Windows 2012 R2 CA) which have some new extensions on them, e.g. non-critical extensions. I need to add three extensions; I have the OID for each and their description.

Looking at your module for cmdlets with "extension" in their name, I see the following 5 cmdlets:

Add-ExtensionList
Get-ExtensionList
Remove-ExtensionList
Set-CertificateExtension
Set-ExtensionList

I have read the help, but I am not quite sure if this is the correct approach and what order I should use the cmdlets in. For example, do I need to Add- then Set-?

I would be very grateful if you could steer me in the right direction with a couple of examples to make sure I am doing it correctly.

So at the end of the day, when a certificate is issued from a particular template, alongside the usual extensions like 'Subject Key Identifier', 'Authority Key Identifier' etc. appear my three non-critical custom extensions.

Thanks very much Vadims
EBrant

New Post: Adding Extensions to newly created certificates include the new extensions

These cmdlets are supposed to configure accepted/disallowed extensions in the request. In order to add a specific extension to a pending request you have to use the Set-CertificateExtension cmdlet. See the cmdlet examples for more details.

Updated Wiki: Home


The project is permanently moved to GitHub!


The following technologies and products were used to design this module:

Reviewed: PowerShell PKI Module v3.2.6 (Jul 25, 2017)

Rated 5 Stars (out of 5) - This is a great module. I wrote this script to generate a CSV file of all the certificates that will expire in the next two months. We have multiple CAs so they are stored in a csv file along with the templates I want to report on. http://dqparker.com/get-expiring-certificates-using-powershell/

Created Unassigned: Bug with create New-SelfsignedCertificateEx and using pass [107]

I can't create a certificate with: New-SelfsignedCertificateEx -Subject "CN=123.com" -SAN "123.com" -Path C:\test\ssl.pfx -Password (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -StoreLocation "LocalMachine". Windows 7, PSPKI version 3.2.6.

Released: PowerShell PKI Module v3.2.6 (Aug 07, 2016)


Installation guide:

  • Use the default installation path to install this module for the current user only.
  • To install this module for all users, enable the "Install for all users" check-box in the installation UI.
  • If previous module installations are detected, they are removed during upgrade.

Release notes in my weblog: https://www.sysadmins.lv/blog-en/powershell-pki-module-v326-is-out.aspx

Sources:
PowerShell Module: https://github.com/Crypt32/PSPKI
PKI.Core.dll: https://github.com/Crypt32/pkix.net
SysadminsLV.Asn1Parser.dll: https://github.com/Crypt32/Asn1DerParser.NET
