magnuswatn / certsrv Goto Github PK

Is there a way to add additional attributes to the cert request? For example, I frequently include subject alternate name (SAN) fields using the san:dns=dns.name[&dns=dns.name] format.

I'm adding the capability to talk to the MSCA to a script. The part that uses the Certsrv component causes an error.

I get:

File "/usr/lib/python2.7/dist-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://pki.example.com/certsrv/certfnsh.asp

When I look at the server weblogs, I see that requests that work correctly (from WebUI or other scripts) include the username in the weblog (so they're in the request), but requests from the certsrv component do not.

I am using Certsrv.get_cert(csr, "WebServer", encoding="b64") -- after instantiating the object with the server, username and password.

I've tried using the examples, but they give the same error.

The user used for this has the ability to create, sign and receive the certs as this is what I use in the other scripts and the WebUI.

So - am I missing something?

Certsrv version 2.1.1.
Python version 2.7.16

Thanks,

Patrick

hi there,

it might be a stupid question, but how do i run that script to make means work?

i am not a dev.

On Centos6 running either python 2.75 or 3.6.8, I get the following error.
ImportError: cannot import name Certsrv

If I change the line to "from certsrv import *" I get:

NameError: name 'Certsrv' is not defined

I am going by the example at https://certsrv.readthedocs.io/en/latest/certsrv.html.

on nonwindows systems, the library fails to submit requests to a private CA:

urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>

tried exporting SSL_CERT_FILE, but that appears to only work for requests, not urllib2.

would it be possible to add an optional parameter to specify the CA root?

I have noticed that you are using CertificateSigningRequestBuilder.
How can i add a public key for the certificate signing request builder object ?

When a cert is created, the internal certificate ID is used but not returned to the original caller.
Would it be possible to add this information?
regards

I am using certsrv as part of my acmeproxy project and like it a lot. One of my users is requesting http/socks5 proxy support and I think it would be beneficial for certsrv as well.

I already had a look into the code; the implementation seems to be pretty straight forward. Will file a PR in the upcoming hours and hope you are ok with it.

Best regards
G.

I am unable to login into ADCS server using

get_cert('adcs.example.test', pem_req, server, username, password)

I always get 401, Am I missing something here ?

Hello,
I used certsrv to develop a Lemur-Issuer Plugin (Lemur.
For authorization, we use personal certificates.
I succeeded to connect with our AD by "patching" the local .py file like this:
_def _set_credentials(self, username, password):
if self.auth_method == "ntlm":
from requests_ntlm import HttpNtlmAuth

        self.session.auth = HttpNtlmAuth(username, password)
    else:
         # self.session.auth = (username, password)
         self.session.cert='/home/lemur/.lemur/client.cert'_

To cleanly improve this new parameters like "cert" nad "cert_path" are needed and a third path in the if :
def _set_credentials(self, username, password):
if self.auth_method == "ntlm":
from requests_ntlm import HttpNtlmAuth

        self.session.auth = HttpNtlmAuth(username, password)
   elif  self.auth_method == "cert":
        self.session.cert=certpath
   else:
        self.session.auth = (username, password)

I would be very happy, if you could integrate this feature in the release.
I have no experience with adding features to github projects but if you could give me directions, I could enter the changes myself.

Thank you
regards
ferdinand