Documentation
Overview
Package req submits certificate requests to AD CS. Of the supported methods, HTTP web enrollment (/certsrv/) is implemented end-to-end with Basic auth over TLS; NTLM/Kerberos over HTTP and ICPR RPC are pending.
Variables
var CertSrvRequestClassID = uuid.MustParse("d99e6e74-fc88-11d0-b498-00a0c90312f3")
CertSrvRequestClassID is the DCOM coclass GUID for CertSrv's request object. MS-WCCE 1.9, also referenced by the Microsoft ADCS samples.
var Debug bool
Debug causes req to dump HTTP request / response metadata to stderr when true. Toggled by the CLI --debug flag.
var Timeout = 30 * time.Second
Timeout caps every HTTP round trip in submitWeb. Default is 30s.
Functions
func Submit
func Submit(opts Options) (*pki.Certificate, error)
Submit generates a key + CSR, submits via the chosen method, and returns the issued *pki.Certificate. The default method is DCOM (MS-WCCE ICertRequestD2::Request2) which matches Certipy's default. --method rpc uses ICertPassage (simpler MSRPC alternative) and --method web uses the /certsrv/ HTTP flow.
Types
type Options
type Options struct {
	Method      Method
	CA          string // hostname for web URL / RPC endpoint
	CAName      string // Enterprise CA common name
	Template    string
	Subject     string
	UPN         string
	DNSNames    []string
	KeySize     int
	Username    string // HTTP Basic user (domain\user or user@realm)
	Password    string // plaintext
	TLSInsecure bool
	DCHost      string // optional; used as DNS resolver fallback for CA hostnames
}
Options controls one certificate request.
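The web method sends Username and Password as HTTP Basic credentials, so TLSInsecure decides whether they can reach a server whose certificate does not verify. The following is an added example, not code from package req: newWebClient and credsReachServer are hypothetical helpers, the mapping of TLSInsecure onto InsecureSkipVerify is an assumption, and the account and password are constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync/atomic"
	"time"
)

// newWebClient is a hypothetical helper (not part of package req) that maps the
// documented Timeout and Options.TLSInsecure onto a net/http client.
func newWebClient(timeout time.Duration, tlsInsecure bool) *http.Client {
	return &http.Client{
		Timeout:   timeout,
		Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: tlsInsecure}},
	}
}

// credsReachServer sends one Basic-auth request to /certsrv/ on a local test server
// with an untrusted certificate and reports whether the server saw the credentials.
func credsReachServer(tlsInsecure bool) (bool, error) {
	var seen atomic.Bool
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, _, ok := r.BasicAuth()
		seen.Store(ok)
	}))
	defer srv.Close()
	req, err := http.NewRequest(http.MethodGet, srv.URL+"/certsrv/", nil)
	if err != nil {
		return false, err
	}
	req.SetBasicAuth(`CORP\alice`, "constructed-password") // constructed sample values
	resp, err := newWebClient(30*time.Second, tlsInsecure).Do(req)
	if err != nil {
		return seen.Load(), err // handshake rejected before any HTTP header was sent
	}
	resp.Body.Close()
	return seen.Load(), nil
}

func main() {
	for _, insecure := range []bool{false, true} {
		seen, err := credsReachServer(insecure)
		fmt.Printf("TLSInsecure=%v server saw credentials=%v err=%v\n", insecure, seen, err)
	}
}
```

With verification on, the handshake fails and the Authorization header never leaves the client; with it off, the same request delivers the credentials to whichever host answered.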