Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 4 changed files with 36 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -30,6 +30,15 @@ const LinuxAbuse: FC = () => { | |
'certipy req -u [email protected] -p Passw0rd -ca corp-DC-CA -target ca.corp.local -template ESC6 -upn [email protected]' | ||
} | ||
</Typography> | ||
<Typography variant='body2'> | ||
If the enrollment fails with an error message stating that the Email or DNS name is unavailable and | ||
cannot be added to the Subject or Subject Alternate name, then it is because the enrollee principal does | ||
not have their 'mail' or 'dNSHostName' attribute set, which is required by the certificate template. The | ||
'mail' attribute can be set on both user and computer objects but the 'dNSHostName' attribute can only | ||
be set on computer objects. Computers have validated write permission to their own 'dNSHostName' | ||
attribute by default, but neither users nor computers can write to their own 'mail' attribute by | ||
default. | ||
</Typography> | ||
<Typography variant='body2'> | ||
<b>Step 2</b>: Request a ticket granting ticket (TGT) from the domain, specifying the certificate | ||
created in Step 1 and the IP of a domain controller: | ||
|
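Review bot: The added paragraph's clause "does not have their 'mail' or 'dNSHostName' attribute set, which is required by the certificate template" does not say which attribute goes with which error. The error text names either the Email or the DNS name, so state the pairing explicitly (Email name unavailable means 'mail' is unset, DNS name unavailable means 'dNSHostName' is unset) and that only the attribute the template requires is relevant. The paragraph also sits between the Step 1 command and Step 2 with no label, so it reads as an unconditional step; a short lead such as "Troubleshooting:" or folding it under Step 1 would make clear that it applies only when enrollment fails.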
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -33,6 +33,15 @@ const LinuxAbuse: FC = () => { | |
'certipy req -u [email protected] -p Passw0rd -ca corp-DC-CA -target ca.corp.local -template ESC6 -upn [email protected]' | ||
} | ||
</Typography> | ||
<Typography variant='body2'> | ||
If the enrollment fails with an error message stating that the Email or DNS name is unavailable and | ||
cannot be added to the Subject or Subject Alternate name, then it is because the enrollee principal does | ||
not have their 'mail' or 'dNSHostName' attribute set, which is required by the certificate template. The | ||
'mail' attribute can be set on both user and computer objects but the 'dNSHostName' attribute can only | ||
be set on computer objects. Computers have validated write permission to their own 'dNSHostName' | ||
attribute by default, but neither users nor computers can write to their own 'mail' attribute by | ||
default. | ||
</Typography> | ||
<Typography variant='body2'> | ||
<Box component='span' sx={{ fontWeight: 'bold' }}> | ||
Step 2: | ||
|
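Review bot: The nine added lines in this hunk (the whole <Typography variant='body2'> paragraph) are identical to the paragraph added in the previous file, and the commit total of 36 additions across 4 files suggests the same copy lands in the two files not shown. Consider moving the text into one shared component and rendering it from each LinuxAbuse component, so a later wording fix is made once rather than four times. Note also that this file styles its step label with <Box component='span' sx={{ fontWeight: 'bold' }}> while the other uses <b>, so a shared component should not assume either convention.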