Channel: Public Key Infrastructure PowerShell module

New Post: Get Pending Requests with SAN / DNS

Sorry for delayed response.
The only way is to get the raw request ("Request.RawRequest" property) and use it to instantiate an X509CertificateRequest class (http://pkix2.sysadmins.lv/library/html/T_System_Security_Cryptography_X509CertificateRequests_X509CertificateRequest.htm).
In your case it would be something like this:
# get raw request in base64 string form
$rawRequest = (Get-CA myca | Get-PendingRequest -RequestID 100 -Property "Request.RawRequest")."Request.RawRequest"
# convert base64 string to byte array
$rawBytes = [convert]::frombase64string($rawRequest)
# instantiate X509 request object:
$request = new-object security.cryptography.x509certificaterequests.x509certificaterequest (,$rawBytes)
# find out SAN extension:
$SAN = $request.Extensions | where {$_.oid.value -eq "2.5.29.17"}
Replace your query string with your own query and add the included property to include the raw request from the database.
If there is a SAN extension in the request, $SAN will store the extension. I made a SAN extension class, so you can access individual names in the AlternativeNames property. Here is an example:
PS C:\> $SAN = $cert.Extensions | ?{$_.oid.value -eq "2.5.29.17"}
PS C:\> $san

AlternativeNames                                   Critical Oid                           RawData
----------------                                   -------- ---                           -------
{DNS Name=DC, DNS Name=dc2...                         False 2.5.29.17 (Subject Alterna... {48, 22, 130, 3...}


PS C:\> $san.AlternativeNames

                         Type OID                           Value                         RawData
                         ---- ---                           -----                         -------
                      DnsName                               DC2                           {130, 3, 68, 67...}
                      DnsName                               dc2.contoso.com               {130, 15, 100, 99...}


PS C:\>
Note: currently I can handle only PKCS#10 requests, so in certain cases it may not work.
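
The same decoding applied to every pending request, so SAN entries can be reviewed before a request is issued or denied. This is an added example, not code from the original post or from the PSPKI project; it assumes the PSPKI module is installed, that "myca" is replaced with your CA name, that Get-PendingRequest returns all pending rows when -RequestID is omitted, and that each returned row exposes a RequestID property.

```powershell
# Added example (not from the original post): list SAN entries of all pending requests.
Import-Module PSPKI

# Helper name is hypothetical; it only shapes the report rows.
function New-SanRow($Id, $Type, $Value, $Note) {
    [pscustomobject]@{ RequestID = $Id; SanType = $Type; SanValue = $Value; Note = $Note }
}

$report = Get-CA myca |
    Get-PendingRequest -Property "Request.RawRequest" |
    ForEach-Object {
        $row = $_
        try {
            # base64 string from the CA database -> byte array -> request object
            $rawBytes = [Convert]::FromBase64String($row."Request.RawRequest")
            $request  = New-Object Security.Cryptography.X509CertificateRequests.X509CertificateRequest (,$rawBytes)
        } catch {
            # The class handles only PKCS#10 requests; flag anything else for manual review
            # instead of silently dropping it from the report.
            New-SanRow $row.RequestID $null $null "could not decode (not PKCS#10?)"
            return   # inside ForEach-Object this moves on to the next row
        }

        # Subject Alternative Name extension, OID 2.5.29.17
        $san = $request.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
        if (-not $san) {
            New-SanRow $row.RequestID $null $null "no SAN extension"
            return
        }

        # One output row per alternative name
        foreach ($name in $san.AlternativeNames) {
            New-SanRow $row.RequestID $name.Type $name.Value ""
        }
    }

$report | Sort-Object RequestID | Format-Table -AutoSize
```

Rows with a non-empty Note are requests the script could not inspect or that carry no SAN, so they can be told apart from requests whose names were actually read.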
