**Camelot wrote:**
> Ok, if you are aware about these risks, then the following syntax must be used:
> ```
> Submit-CertificateRequest <parameters> -Attribute "san:dns=www.example.com&dns=sip.example.com"
> ```
We did the following tests:
1. Submit-CertificateRequest -Path d:\temp\acertRequest.cer -CertificateAuthority $myCA -Attribute 'CertificateTemplate:TestServerInternalStandard','san:dns=testname1.infineon.com&dns=testname2.infineon.com'
In this case only the required by the CA Template was taken.
2. Submit-CertificateRequest -Path d:\temp\acertRequest.cer -CertificateAuthority $myCA -Attribute 'san:dns=testname1.infineon.com&dns=testname2.infineon.com','CertificateTemplate:TestServerInternalStandard'
In this case only the Sans were taken and not the Template which resulted in an "Requeststatus denied" as our CA requires a Templatename.
Do you have an idea what we got wrong? Our CA is hosted on an Win2008 R2 Server.
Thanks Andreas
Comments: This is a bug. I will fix it in the next release. As a temporary workaround, do the following: Open Submit-CertificateRequest.ps1 file and navigate the line 22: ``` [Void]$SB.Append($attrib + "\n") ``` replace this expression with: ``` [Void]$SB.Append($attrib + "`n") ``` navigate the line 25: ``` $strAttribute = $strAttribute.Substring(0,$strAttribute.Length - 2) ``` and replace it with: ``` $strAttribute = $strAttribute.Substring(0,$strAttribute.Length - 1) ```
> Ok, if you are aware about these risks, then the following syntax must be used:
> ```
> Submit-CertificateRequest <parameters> -Attribute "san:dns=www.example.com&dns=sip.example.com"
> ```
We did the following tests:
1. Submit-CertificateRequest -Path d:\temp\acertRequest.cer -CertificateAuthority $myCA -Attribute 'CertificateTemplate:TestServerInternalStandard','san:dns=testname1.infineon.com&dns=testname2.infineon.com'
In this case only the required by the CA Template was taken.
2. Submit-CertificateRequest -Path d:\temp\acertRequest.cer -CertificateAuthority $myCA -Attribute 'san:dns=testname1.infineon.com&dns=testname2.infineon.com','CertificateTemplate:TestServerInternalStandard'
In this case only the Sans were taken and not the Template which resulted in an "Requeststatus denied" as our CA requires a Templatename.
Do you have an idea what we got wrong? Our CA is hosted on an Win2008 R2 Server.
Thanks Andreas
Comments: This is a bug. I will fix it in the next release. As a temporary workaround, do the following: Open Submit-CertificateRequest.ps1 file and navigate the line 22: ``` [Void]$SB.Append($attrib + "\n") ``` replace this expression with: ``` [Void]$SB.Append($attrib + "`n") ``` navigate the line 25: ``` $strAttribute = $strAttribute.Substring(0,$strAttribute.Length - 2) ``` and replace it with: ``` $strAttribute = $strAttribute.Substring(0,$strAttribute.Length - 1) ```