magnuswatn / certsrv Goto Github PK
View Code? Open in Web Editor NEWA Python client for the Microsoft AD Certificate Services web page
License: MIT License
A Python client for the Microsoft AD Certificate Services web page
License: MIT License
Is there a way to add additional attributes to the cert request? For example, I frequently include subject alternate name (SAN) fields using the san:dns=dns.name[&dns=dns.name]
format.
I'm adding the capability to talk to the MSCA to a script. The part that uses the Certsrv component causes an error.
I get:
File "/usr/lib/python2.7/dist-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://pki.example.com/certsrv/certfnsh.asp
When I look at the server weblogs, I see that requests that work correctly (from WebUI or other scripts) include the username in the weblog (so they're in the request), but requests from the certsrv component do not.
I am using Certsrv.get_cert(csr, "WebServer", encoding="b64") -- after instantiating the object with the server, username and password.
I've tried using the examples, but they give the same error.
The user used for this has the ability to create, sign and receive the certs as this is what I use in the other scripts and the WebUI.
So - am I missing something?
Certsrv version 2.1.1.
Python version 2.7.16
Thanks,
Patrick
hi there,
it might be a stupid question, but how do i run that script to make means work?
i am not a dev.
On Centos6 running either python 2.75 or 3.6.8, I get the following error.
ImportError: cannot import name Certsrv
If I change the line to "from certsrv import *" I get:
NameError: name 'Certsrv' is not defined
I am going by the example at https://certsrv.readthedocs.io/en/latest/certsrv.html.
on nonwindows systems, the library fails to submit requests to a private CA:
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>
tried exporting SSL_CERT_FILE, but that appears to only work for requests, not urllib2.
would it be possible to add an optional parameter to specify the CA root?
I have noticed that you are using CertificateSigningRequestBuilder.
How can i add a public key for the certificate signing request builder object ?
When a cert is created, the internal certificate ID is used but not returned to the original caller.
Would it be possible to add this information?
regards
I am using certsrv
as part of my acmeproxy project and like it a lot. One of my users is requesting http/socks5 proxy support and I think it would be beneficial for certsrv
as well.
I already had a look into the code; the implementation seems to be pretty straight forward. Will file a PR in the upcoming hours and hope you are ok with it.
Best regards
G.
I am unable to login into ADCS server using
get_cert('adcs.example.test', pem_req, server, username, password)
I always get 401, Am I missing something here ?
Hello,
I used certsrv to develop a Lemur-Issuer Plugin (Lemur.
For authorization, we use personal certificates.
I succeeded to connect with our AD by "patching" the local .py file like this:
_def _set_credentials(self, username, password):
if self.auth_method == "ntlm":
from requests_ntlm import HttpNtlmAuth
self.session.auth = HttpNtlmAuth(username, password)
else:
# self.session.auth = (username, password)
self.session.cert='/home/lemur/.lemur/client.cert'_
To cleanly improve this new parameters like "cert" nad "cert_path" are needed and a third path in the if :
def _set_credentials(self, username, password):
if self.auth_method == "ntlm":
from requests_ntlm import HttpNtlmAuth
self.session.auth = HttpNtlmAuth(username, password)
elif self.auth_method == "cert":
self.session.cert=certpath
else:
self.session.auth = (username, password)
I would be very happy, if you could integrate this feature in the release.
I have no experience with adding features to github projects but if you could give me directions, I could enter the changes myself.
Thank you
regards
ferdinand
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.