Got error: 'NoneType' object has no attribute 'request' about certipy HOT 9 CLOSED

Hello. It seems like the server dc3 doesn't have the AD CS service installed. The request command should be run against the CA server, not the DC - unless they are the same. :-)

from certipy.

Ok - so both the req and -ca arguments should point to the CA?

ex: certipy req 'domain/usertest:redacted@ca3' -ca ca3 -template User -debug

When I try that, I get the following error:

/usr/share/Certipy# certipy req 'domain/usertest:redacted@cs3' -ca cs3 -template User
Certipy v3.0.0 - by Oliver Lyak (ly4k)

[*] Requesting certificate
[-] Got error: RequestSessionError: code: 0x80070057 - E_INVALIDARG - One or more arguments are invalid.
[-] Use -debug to print a stacktrace

from certipy.

Yes, but the -ca argument should contain the name of the CA. If you don't know the name of the CA, you can use the "find" command against the DC server

from certipy.

I know the name of the CA - its cs3.

Should the servername after the @ in the req be the CA or a DC?

from certipy.

Is that the name of the CA server or the CA? There is a difference. After the @ you should put the CA server, and in the -ca you should put the name of the CA. They are usually different. The error you see is because the certificate template does not exist or the name of the CA is not correct

from certipy.

Ok. Is there a seperate command to confirm the name of the CA?

from certipy.

The "find" command should print the name of the CAs

from certipy.

Thank you. Found it with certutil as well. I appreciate your help.

from certipy.

Great. So everything worked out? :-)

from certipy.