ImportExchangeHybrid.ps1 hostname extraction bug #2568

Closed
cjs59 opened this issue May 2, 2024 · 2 comments

cjs59 commented May 2, 2024

Describe the bug
When using Win-ACME to get a certificate from Sectigo, InstallExchangeHybrid.ps1 fails to extract the domain name from the certificate subject: "CN=hostname.domain, O=Organisation Name, S=State, C=CC". It

To Reproduce

  1. Run with command line .\wacs.exe --source "manual" --host "hostname.domain" --baseuri "https://acme.sectigo.com/v2/OV" --eab-key-identifier "keyid" --eab-key "key" --certificatestore "My" --acl-fullcontrol "Network Service,Administrators" --installation "iis,script" --installationsiteid 1 --script "C:\Program Files\Win-ACME\Scripts\ImportExchangeHybrid.ps1" --scriptparameters "'{CertThumbprint}' 'IIS,SMTP' 0 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'"
  2. See certificate created correctly
  3. See error while deploying the certificate:
 Script C:\Program Files\Win-ACME\Scripts\ImportExchangeHybrid.ps1 starting with parameters 'thumbprint' 'IIS,SMTP' 0 'C:\ProgramData\win-acme\acme.sectigo.comv2OV\Certificates\filename.pfx' '********' '[Manual] hostname.domain @ 2024/5/2 10:44:10'
 Script error: Cannot process argument transformation on parameter 'DomainName'. Cannot convert value
 Script error: "hostname.domain, O" to type
 Script error: "Microsoft.Exchange.Data.MultiValuedProperty`1[Microsoft.Exchange.Data.SmtpDomain]". Error: "Failed to convert
 Script error: hostname.domain, O from System.String to Microsoft.Exchange.Data.SmtpDomain. Error: Error while
 Script error: converting string 'hostname.domain, O' to result type Microsoft.Exchange.Data.SmtpDomain:
 Script error: "hostname.domain, O" isn't a valid SMTP domain."
 Script error:     + CategoryInfo          : InvalidData: (:) [Get-ExchangeCertificate], ParameterBindin...mationException
 Script error:     + FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-ExchangeCertificate
 Script error:     + PSComputerName        : hostname.domain
 Script finished

Expected behavior
The script runs without any errors if you change line 170 from:

Get-ExchangeCertificate -DomainName $Certificate.Subject.split("=")[1]

To:

Get-ExchangeCertificate -DomainName $Certificate.Subject.split(",")[0].split("=")[1]

This version works with Sectigo-style subjects with multiple components as well as LetsEncrypt-style subjects with just "CN=hostname.domain".

Platform:

  • OS: Windows Server 2016, English
  • Version: win-acme.v2.2.8.1635.x64.trimmed.zip
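
Added example, not part of the original issue or of the win-acme scripts: it runs the original line 170 expression, the fix proposed above, and an order-independent lookup over constructed subject strings, so the difference is visible without Exchange cmdlets. The function names are hypothetical, and the third subject (CN not first) is an assumption, not something reported in this issue.

```powershell
# Constructed sample subjects (not taken from real certificates).
$subjects = @(
    'CN=hostname.domain',                                      # single-component subject
    'CN=hostname.domain, O=Organisation Name, S=State, C=CC',  # multi-component subject from the report
    'O=Organisation Name, CN=hostname.domain, C=CC'            # assumption: CN is not the first component
)

# Line 170 as originally written: the text between the first and second "=".
function Get-CnOriginal([string]$Subject) {
    $Subject.Split('=')[1]
}

# The fix proposed in the issue: first comma-separated component, then the value after "=".
function Get-CnProposed([string]$Subject) {
    $Subject.Split(',')[0].Split('=')[1]
}

# Hypothetical helper: return the value of the CN component wherever it sits,
# or $null when the subject has none. Quoted values containing commas are not handled.
function Get-CnAnywhere([string]$Subject) {
    foreach ($part in $Subject.Split(',')) {
        $kv = $part.Trim() -split '=', 2
        if ($kv.Count -eq 2 -and $kv[0] -eq 'CN') {
            return $kv[1].Trim()
        }
    }
    return $null
}

# Emit one row per subject so the three results can be compared side by side.
foreach ($s in $subjects) {
    [pscustomobject]@{
        Subject  = $s
        Original = Get-CnOriginal $s
        Proposed = Get-CnProposed $s
        Anywhere = Get-CnAnywhere $s
    }
}
```

If `$Certificate` is an `X509Certificate2` object (an assumption; the issue does not show how the script obtains it), `$Certificate.GetNameInfo('SimpleName', $false)` returns the subject's simple name without splitting the string form.
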
@WouterTinus WouterTinus added this to the 2.2.9 milestone May 3, 2024
WouterTinus (Member) commented

Thanks for the report and the fix!

WouterTinus added a commit that referenced this issue May 3, 2024
WouterTinus (Member) commented

This has been released in 2.2.9
