Not working in non domain computer #13
Comments
Try the /domain and /ldapserver with the find function. E.g. certify.exe find /domain:github.com /ldapserver:4.2.2.2
If you just need to query the ldap server you can do that from a non-domain joined machine using:
and then run the commands you need:
All the information about templates and permissions is correctly listed. The problem is that when you need to request a certificate, Certify errors out:
If I join the machine to the domain, the same command succeeds.
I have the same problem: even in a runas netonly session, the certificate request takes the current user context (not the runas) on a non-domain-joined computer.
Same problem here too.
certipy (https://github.com/ly4k/Certipy) can solve this, which also works for my issue in #27, e.g.
I hit the same issue too, though my scenario is a bit different: I am requesting the certificate from a trusted domain in a one-way outbound trust environment. I would like to know if there is any workaround for Certify. Certipy shall work, but I haven't tested it out.
I'm in the same boat. Did you figure out a solution yet?
Hello, I ended up in a similar situation and I think I found a solution, so I'm sharing my experience in the hope that it helps. My scenario was:
So I'm in a PTT session on a computer outside of Domain B, and when I try to use Certify I have the same error saying that "An enrollment policy server cannot be located." To fix this issue I ended up changing the Certify source code in Cert.cs, line 89, from:

objPkcs10.InitializeFromPrivateKey(context, privateKey, templateName);

To:

objPkcs10.InitializeFromPrivateKey(context, privateKey, "");
CX509ExtensionTemplateName templateExtension = new CX509ExtensionTemplateName();
templateExtension.InitializeEncode(templateName);
objPkcs10.X509Extensions.Add((CX509Extension)templateExtension);

Why does it work? I have no clue, but I saw similar issues on Stack Overflow so I gave it a shot, and I was then able to request a certificate for a high privilege user, then a TGT, etc.
Actually, it's better to apply this code replacement in two places: in the CreateCertRequestMessage and CreateCertRequestOnBehalfMessage methods.
Hi, you are probably already aware of the problems related to running Certify on a non-domain machine. Even though I tried different test cases (runas, netonly, ptt, cmd over pth), each time I got an exception and I was not able to request a certificate. Could you please recommend what I can do about this in case you don't plan any code updates for this issue?
Thanks