# citrix-vad
h
Remove the rights to the template and don't issue them on the according subca but only on the CA that you want to use. The default templates etc. are not security hardened.
c
Yeah, I understand that. My question was how I remove all the pending requests for domain-joined endpoints that are trying to auto-enroll for a cert from the Citrix_RegistrationAuthority_ManualAuthorization template, because the security perms on it had autoenroll enabled.
I don't fancy going through thousands and thousands of invalid pending cert requests and denying them all.
h
Ah, I understand. Then you'll need to revoke them via CLI regarding the CA.
c
certutil -deny seems to work but needs the RequestId of the pending request.
I wonder if certutil -deny * would work.
h
Worth a try, or some looping via PowerShell perhaps.
c
Once I've denied all the pending cert requests, I will fix the perms on the FAS templates as per https://carlstalhood.com/citrix-federated-authentication-service-saml/#certificatetemplates
a
If it's like certutil -deleterows, it will only do 3000 at a time, so it may look like it's not doing anything, but you just need to rerun things multiple times.