
Error retrieving certificate templates as part of running audit

Open ssparkgit opened this issue 4 years ago • 4 comments

When invoking PKIAudit it pulls back my CA information but after the misconfiguration section I get this error.

New-Object : Exception calling ".ctor" with "1" argument(s): "An invalid dn syntax has been specified.
"
At C:\temp\PSPKIAudit-main\PSPKI\3.7.2\Server\Get-CertificateTemplate.ps1:67 char:48
+ ... ach-Object {New-Object PKI.CertificateTemplates.CertificateTemplate $ ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

I have made sure that 'Get-CertificateTemplate' pulls results within PowerShell. I have the AD and CS tools installed and imported, and I am running this on a Windows 2016 server.

ssparkgit avatar Nov 16 '21 13:11 ssparkgit

I'm seeing the same thing... did you ever get it figured out?

KStieers avatar Nov 09 '22 15:11 KStieers

Same issue

devonbowers avatar Jan 10 '23 16:01 devonbowers

Pinging @Crypt32 since it appears to be an issue in the PSPKI dependency. Can easily be reproduced by creating a template with a slash in the name. PSPKI is failing on this line:

https://github.com/PKISolutions/PSPKI/blob/5f8ba9e0b195857294dd8bde4e2da6e716cbd956/PSPKI/Server/Get-CertificateTemplate.ps1#L67

I'm wondering too if LDAP escaping (e.g., for commas, slashes) in the CN may be the issue with #9 and #21 as well. See section 2.4 here for the situations where LDAP escaping may occur in the DNs.

leechristensen avatar Jun 22 '23 00:06 leechristensen
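
An added example (not part of the thread, and not PSPKI or PSPKIAudit code) of a pre-check that flags template names needing escaping before they are placed in a DN or an ADSI path, such as the slash case described in the comment above. It assumes the RFC 4514 string escaping rules plus ADSI's treatment of `/` as a path separator; the function name, sample template names and container DN are hypothetical.

```powershell
# Added example: escape an RDN value per RFC 4514, optionally also for ADSI paths.
function ConvertTo-EscapedRdnValue {
    param(
        [Parameter(Mandatory)][string]$Value,
        # Also escape '/', which ADSI treats as a separator inside LDAP:// paths.
        [switch]$ForAdsPath
    )
    $special = '"+,;<>\'
    if ($ForAdsPath) { $special += '/' }
    $last = $Value.Length - 1
    $sb = [System.Text.StringBuilder]::new()
    for ($i = 0; $i -lt $Value.Length; $i++) {
        $c = $Value[$i]
        # A space is only special at the start or end; '#' only at the start.
        $edgeSpace   = ($c -eq ' ') -and (($i -eq 0) -or ($i -eq $last))
        $leadingHash = ($c -eq '#') -and ($i -eq 0)
        if ($c -eq [char]0) {
            [void]$sb.Append('\00')
        }
        elseif (($special.IndexOf($c) -ge 0) -or $edgeSpace -or $leadingHash) {
            [void]$sb.Append('\').Append($c)
        }
        else {
            [void]$sb.Append($c)
        }
    }
    $sb.ToString()
}

# Constructed sample template names (not taken from the issue). The second one
# mirrors the "slash in the name" reproduction mentioned in the thread.
$templateNames = 'WebServer', 'Dept/WebServer', 'Smartcard, Tier0', ' Legacy#1'
# Placeholder container DN; substitute your forest's configuration naming context.
$container = 'CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,DC=example,DC=com'

foreach ($name in $templateNames) {
    $escaped = ConvertTo-EscapedRdnValue -Value $name -ForAdsPath
    [pscustomobject]@{
        Name          = $name
        NeedsEscaping = ($escaped -cne $name)   # case-sensitive comparison
        AdsPath       = "LDAP://CN=$escaped,$container"
    }
}
```

Template names reported with `NeedsEscaping` set to `True` are the ones to check first when an audit run stops with an "invalid dn syntax" error.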

@leechristensen can you log a bug in PSPKI repo?

Crypt32 avatar Jun 22 '23 06:06 Crypt32