This message was deleted.
# _generals
Slackbot
05/15/2023, 12:26 AMThis message was deleted.
l
Leee Jeffries
05/15/2023, 1:27 PMIt's saying that you didn't specify a template to be used in your CSR. More thank likely the hardening has restricted what templates can be used and there is no "default" anymore.
Leee Jeffries
05/15/2023, 1:28 PMLeee Jeffries
05/15/2023, 1:28 PMThis is specifically for a wildcard but the point is that you can specify which cert template you want to use 😉
o
Owen Reynolds
05/15/2023, 1:43 PMThanks @Leee Jeffries, in this case, we did specifically select the template, so, it's confusing that it's still throwing the error. I might try it via certreq.exe with an INF as above as the next step. That's how I issue certs on my home lab, and it never fails
l
Leee Jeffries
05/15/2023, 2:04 PMOtherwise, you'll need access to the CA to see what's been done.
Leee Jeffries
05/15/2023, 2:04 PM👍🏻
o
Owen Reynolds
05/17/2023, 6:35 PMThank you, @Leee Jeffries for the above! In the end, root cause was the template in question having an AD group set that didn't include the CA. As the contractor had removed "domain computers" from the DACL. With that done, I was able to issue the cert via the same method i use on my home lab, and as described in your blog post
https://leeejeffries.com/request-an-ssl-certificate-from-a-windows-ca-without-web-enrolment
l
Leee Jeffries
05/19/2023, 7:18 AMPerfect, Nice one Owen! Security lockdown, very secure.
🙏 1
5 Views