Get-CertificateRequest does not allow for relative Paths

[PatrickOnGit]

Get-CertificateRequest returns file not found when using relative path like .\MyRequest.csr

Get-CertificateRequest -Path .\MyRequest.csr

The following works:

Get-CertificateRequest -Path ( Resolve-Path .\MyRequest.csr )

It would come handy if relative paths are supported.

[Crypt32]

I'll take a look. I thought, relative paths should work by default.

[Crypt32]

Thread was not updated for a long time.

[PatrickOnGit]

issue not solved.

[Crypt32]

I can't repro this. Here is what I get in my lab:

PS C:\Users\administrator.CONTOSO> dir *.req


    Directory: C:\Users\administrator.CONTOSO


Mode                LastWriteTime     Length Name
----                -------------     ------ ----
-a---       2015.10.15.     8:44        1612 req.req


PS C:\Users\administrator.CONTOSO> Get-CertificateRequest -path .\req.req


RequestType        : PKCS10
SubjectDn          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
ExternalData       :
Version            : 1
SubjectName        : System.Security.Cryptography.X509Certificates.X500DistinguishedName
Subject            : CN=hostname, OU=IT, O=Company, L=City, S=California, C=US
PublicKey          : System.Security.Cryptography.X509Certificates.PublicKey
Extensions         : {2.5.29.15 (Key Usage), 2.5.29.37 (Enhanced Key Usage), 1.2.840.113549.1.9.15 (SMIME Capabilities)
                     , 2.5.29.14 (Subject Key Identifier)}
Attributes         : {0, 0, 0}
SignatureAlgorithm : 1.2.840.113549.1.1.5 (sha1RSA)
SignatureIsValid   : True
RawData            : {48, 130, 4, 85...}

[PatrickOnGit]

Hello Vadims I'll check again tomorrow morning. I don't have my computer running. Thank you Patrick

…

________________________________

[PatrickOnGit]

Hello Vadims

I can reproduce the issue (See Windows and PowerShell Version information below).

PS C:\Users\Administrator> Get-Module pspki

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     3.4.1.0    PSPKI                               {Add-AdCertificate, Add-AdCertificateRevocationList, Add-AuthorityInformationA...


PS C:\Users\Administrator> ls *.req


    Directory: C:\Users\Administrator


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----        07-Jun-19     23:39           7274 BSNB150-VMDC3-signed.req
-a----        11-Dec-18     17:46           1370 BSNB150-VMDC3.req
-a----        07-Jun-19     17:23           7274 BSNB150-VMDC3_signed.req


PS C:\Users\Administrator> Get-CertificateRequest .\BSNB150-VMDC3.req
New-Object : Exception calling ".ctor" with "1" argument(s): "The system cannot find the file specified"
At C:\Program Files\WindowsPowerShell\Modules\PSPKI\3.4.1.0\Client\Get-CertificateRequest.ps1:20 char:4
+             New-Object Security.Cryptography.X509CertificateRequests. ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

PS C:\Users\Administrator> Get-CertificateRequest C:\Users\Administrator\BSNB150-VMDC3.req


RequestType        : PKCS10
SubjectDn          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
ExternalData       :
Version            : 1
SubjectName        : System.Security.Cryptography.X509Certificates.X500DistinguishedName
Subject            : CN=test.server.com
PublicKey          : System.Security.Cryptography.X509Certificates.PublicKey
Extensions         : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
Attributes         : {0, 0, 0}
SignatureAlgorithm : System.Security.Cryptography.Oid
SignatureIsValid   : True
RawData            : {48, 130, 3, 164...}

The issue is in line 20:

New-Object Security.Cryptography.X509CertificateRequests.X509CertificateRequest -ArgumentList .\BSNB150-VMDC3.req

New-Object : Exception calling ".ctor" with "1" argument(s): "The system cannot find the file specified"
At line:1 char:1
+ New-Object Security.Cryptography.X509CertificateRequests.X509Certific ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

Changing it slightly using Resolve-Path (which works using relative and full paths, but may return more then one file using wildcards):

PS C:\Users\Administrator> New-Object Security.Cryptography.X509CertificateRequests.X509CertificateRequest -ArgumentList ( Resolve-Path .\BS
NB150-VMDC3.req )


RequestType        : PKCS10
SubjectDn          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
ExternalData       :
Version            : 1
SubjectName        : System.Security.Cryptography.X509Certificates.X500DistinguishedName
Subject            : CN=test.server.com
PublicKey          : System.Security.Cryptography.X509Certificates.PublicKey
Extensions         : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
Attributes         : {0, 0, 0}
SignatureAlgorithm : System.Security.Cryptography.Oid
SignatureIsValid   : True
RawData            : {48, 130, 3, 164...}

I tried on the following Windows / PowerShell Versions

PS C:\Users\Administrator> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      5.1.14393.2969
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.14393.2969
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

PS C:\Users\Administrator> Get-CimInstance CIM_OperatingSystem | Select Caption, Version, CodeSet,OSLanguage

Caption                                  Version    CodeSet OSLanguage
-------                                  -------    ------- ----------
Microsoft Windows Server 2016 Datacenter 10.0.14393 1252          1033

[Crypt32]

Ok, reopened the issue. It seems that PS no longer updates working directory for .NET classes. As the result if you switch current directory in PS console, then relative paths will stop working.

Can you confirm current working directory for .net: [Environment]::CurrentDirectory?
if you change PS location to this directory, do relative paths work for you?

[PatrickOnGit]

Hello Vadims

You are right. the current .Net location is different than the current location I cd'd to.

PS C:\Users\Administrator> [Environment]::CurrentDirectory
C:\Windows\system32

When executing the command in C:\Windows\system32 and use a path relative to this, the command works.

PS C:\Windows\system32> Get-CertificateRequest  '..\..\Users\Administrator\BSNB150-VMDC3.req'


RequestType        : PKCS10
SubjectDn          : System.Security.Cryptography.X509Certificates.X500DistinguishedName
ExternalData       :
Version            : 1
SubjectName        : System.Security.Cryptography.X509Certificates.X500DistinguishedName
Subject            : CN=test.server.com
PublicKey          : System.Security.Cryptography.X509Certificates.PublicKey
Extensions         : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
Attributes         : {0, 0, 0}
SignatureAlgorithm : System.Security.Cryptography.Oid
SignatureIsValid   : True
RawData            : {48, 130, 3, 164...}

What also works is adding $PWD in front of the relative path, but of course only if the path

PS C:\Users\Administrator> Get-CertificateRequest "$pwd\.\Users\Administrator\BSNB150-VMDC3.req"

But probably most reliant is always converting each path to full path using Resolve-Path