Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The submission failed: Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT) #30

Open
sm00v opened this issue May 16, 2023 · 2 comments
Open

The submission failed: Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT) #30

sm00v opened this issue May 16, 2023 · 2 comments

Comments

@sm00v
Copy link

sm00v commented May 16, 2023

Getting this error while running:
certify.exe request /ca:CASERVER.thisisalongdomainlol.com\Issuing-External-CA /template:VulnTemplate /altname:Administrator

My Subject name according to certify is:
CN=TEST2\, Contos, OU=Test Accounts, OU=Users, OU=Live, OU=ABC, DC=thisisalongdomainlol, DC=com

Any ideas on how to deal with this error? Sounds like a legitimate issue for which you have to permit longer than 64 character subject names on the ADCS server according to this: https://www.open-a-socket.com/2014/07/24/the-request-subject-name-is-invalid-or-too-long/

Below is the full output with redacted info, this pentest is about to end but it might help the next person if this gets answered.

[*] Current user context    : thisisalongdomainlol\Contos
[*] No subject name specified, using current context as subject.

[*] Template                : VulnTemplate 
[*] Subject                 : CN=TEST2\,  Contos, OU=Test Accounts, OU=Users, OU=Live, OU=ABC, DC=thisisalongdomainlol, DC=com
[*] AltName                 : administrator

[*] Certificate Authority   : CASERVER.thisisalongdomainlol.com\Issuing-External-CA

[!] CA Response             : The submission failed: Error Parsing Request  The request subject name is invalid or too long. 0x80094001 (-2146877439 CERTSRV_E_BAD_REQUESTSUBJECT)
[!] Last status             : 0x80094001
[*] Request ID              : 0

[*] cert.pem         :

-----BEGIN RSA PRIVATE KEY-----
abcde
-----END RSA PRIVATE KEY-----

[X] Error downloading certificate: CCertRequest::RetrievePending: The parameter is incorrect. 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)

[*] Convert with: openssl pkcs12 -in cert.pem -keyex -CSP "Microsoft Enhanced Cryptographic Provider v1.0" -export -out cert.pfx


Certify completed in 00:00:08.5331567

Hopefully there is something that can be done rather than running a command on the AD CS server :/
@funnybananas
Copy link

funnybananas commented Aug 9, 2023
edited
Loading

I'm experiencing this same problem. Any one found a workaround? Could supplying the /subject yourself work?

@funnybananas
Copy link

For anyone having the same problem, this fixed it. Just provide your own subject and make sure it's less than 64 characters.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sm00v @funnybananas