administrator@ad.root.domain.com@jammy-client:~$ sudo CERTMONGER_OPERATION=GET-SUPPORTED-TEMPLATES /usr/libexec/certmonger/cepces-submit --endpoint=https://adcontroller.ad.root.domain.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP
2025-01-28 07:28:24,808 cepces.config.Configuration:DEBUG:Initializing application configuration.
2025-01-28 07:28:24,809 cepces.config.Configuration:DEBUG:Reading: /etc/cepces/cepces.conf
2025-01-28 07:28:24,809 cepces.auth.KerberosAuthenticationHandler<0x752aed9a5d80>:DEBUG:Initializing cepces.auth.KerberosAuthenticationHandler<0x752aed9a5d80>.
2025-01-28 07:28:24,809 cepces.soap.auth.TransportKerberosAuthentication<0x752aed9a5660>:DEBUG:Initializing cepces.soap.auth.TransportKerberosAuthentication<0x752aed9a5660>.
2025-01-28 07:28:24,809 cepces.krb5.core.Context<0x752aed9a66b0>:DEBUG:Initializing cepces.krb5.core.Context<0x752aed9a66b0>.
2025-01-28 07:28:24,809 cepces.krb5.core.Context<0x752aed9a66b0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_context object at 0x752aed937940>
2025-01-28 07:28:24,810 cepces.krb5.core.Keytab<0x752aed9a6800>:DEBUG:Initializing cepces.krb5.core.Keytab<0x752aed9a6800>.
2025-01-28 07:28:24,810 cepces.krb5.core.Keytab<0x752aed9a6800>:DEBUG:Handle <cepces.krb5.types.LP__krb5_kt object at 0x752aed935f40>
2025-01-28 07:28:24,810 cepces.krb5.core.KeytabName<0x752aed9a6890>:DEBUG:Initializing cepces.krb5.core.KeytabName<0x752aed9a6890>.
2025-01-28 07:28:24,810 cepces.krb5.core.KeytabName<0x752aed9a6890>:DEBUG:Handle None
2025-01-28 07:28:24,810 cepces.krb5.core.Principal<0x752aed9a69b0>:DEBUG:Initializing cepces.krb5.core.Principal<0x752aed9a69b0>.
2025-01-28 07:28:24,810 cepces.krb5.core.Principal<0x752aed9a69b0>:DEBUG:Handle <cepces.krb5.types.LP_krb5_principal_data object at 0x752aed937a40>
2025-01-28 07:28:24,810 cepces.krb5.core.PrincipalName<0x752aed9a6a70>:DEBUG:Initializing cepces.krb5.core.PrincipalName<0x752aed9a6a70>.
2025-01-28 07:28:24,810 cepces.krb5.core.PrincipalName<0x752aed9a6a70>:DEBUG:Handle None
2025-01-28 07:28:24,810 cepces.krb5.core.CredentialOptions<0x752aed9a69e0>:DEBUG:Initializing cepces.krb5.core.CredentialOptions<0x752aed9a69e0>.
2025-01-28 07:28:24,810 cepces.krb5.core.CredentialOptions<0x752aed9a69e0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_get_init_creds_opt object at 0x752aed9376c0>
2025-01-28 07:28:24,810 cepces.krb5.core.Credentials<0x752aed9a6b60>:DEBUG:Initializing cepces.krb5.core.Credentials<0x752aed9a6b60>.
2025-01-28 07:28:24,810 cepces.krb5.core.Credentials<0x752aed9a6b60>:DEBUG:Handle <cepces.krb5.types._krb5_creds object at 0x752aed937ac0>
2025-01-28 07:28:24,811 cepces.soap.auth.TransportKerberosAuthentication<0x752aed9a5660>:DEBUG:Initializing cepces.soap.auth.TransportKerberosAuthentication<0x752aed9a5660>.
2025-01-28 07:28:24,811 cepces.krb5.core.Context<0x752aed9a6b30>:DEBUG:Initializing cepces.krb5.core.Context<0x752aed9a6b30>.
2025-01-28 07:28:24,811 cepces.krb5.core.Context<0x752aed9a6b30>:DEBUG:Handle <cepces.krb5.types.LP__krb5_context object at 0x752aed937940>
2025-01-28 07:28:24,811 cepces.krb5.core.Keytab<0x752aed9a69b0>:DEBUG:Initializing cepces.krb5.core.Keytab<0x752aed9a69b0>.
2025-01-28 07:28:24,811 cepces.krb5.core.Keytab<0x752aed9a69b0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_kt object at 0x752aed937a40>
2025-01-28 07:28:24,811 cepces.krb5.core.KeytabName<0x752aed9a6b90>:DEBUG:Initializing cepces.krb5.core.KeytabName<0x752aed9a6b90>.
2025-01-28 07:28:24,811 cepces.krb5.core.KeytabName<0x752aed9a6b90>:DEBUG:Handle None
2025-01-28 07:28:24,811 cepces.krb5.core.Principal<0x752aed9a6890>:DEBUG:Initializing cepces.krb5.core.Principal<0x752aed9a6890>.
2025-01-28 07:28:24,811 cepces.krb5.core.Principal<0x752aed9a6890>:DEBUG:Handle <cepces.krb5.types.LP_krb5_principal_data object at 0x752aed9376c0>
2025-01-28 07:28:24,811 cepces.krb5.core.PrincipalName<0x752aed9a5750>:DEBUG:Initializing cepces.krb5.core.PrincipalName<0x752aed9a5750>.
2025-01-28 07:28:24,811 cepces.krb5.core.PrincipalName<0x752aed9a5750>:DEBUG:Handle None
2025-01-28 07:28:24,811 cepces.krb5.core.CredentialOptions<0x752aed9a68f0>:DEBUG:Initializing cepces.krb5.core.CredentialOptions<0x752aed9a68f0>.
2025-01-28 07:28:24,811 cepces.krb5.core.CredentialOptions<0x752aed9a68f0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_get_init_creds_opt object at 0x752aed935f40>
2025-01-28 07:28:24,811 cepces.krb5.core.Credentials<0x752aed9a6ec0>:DEBUG:Initializing cepces.krb5.core.Credentials<0x752aed9a6ec0>.
2025-01-28 07:28:24,811 cepces.krb5.core.Credentials<0x752aed9a6ec0>:DEBUG:Handle <cepces.krb5.types._krb5_creds object at 0x752aed937ac0>
2025-01-28 07:28:24,814 cepces.krb5.core.CredentialCache<0x752aed9a6950>:DEBUG:Initializing cepces.krb5.core.CredentialCache<0x752aed9a6950>.
2025-01-28 07:28:24,814 cepces.krb5.core.CredentialCache<0x752aed9a6950>:DEBUG:Handle <cepces.krb5.types.LP__krb5_ccache object at 0x752aed937bc0>
2025-01-28 07:28:24,815 cepces.soap.auth.TransportKerberosAuthentication<0x752aed9a6680>:DEBUG:Initializing cepces.soap.auth.TransportKerberosAuthentication<0x752aed9a6680>.
2025-01-28 07:28:24,815 cepces.krb5.core.Context<0x752aed9a6ad0>:DEBUG:Initializing cepces.krb5.core.Context<0x752aed9a6ad0>.
2025-01-28 07:28:24,815 cepces.krb5.core.Context<0x752aed9a6ad0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_context object at 0x752aed937b40>
2025-01-28 07:28:24,815 cepces.krb5.core.Keytab<0x752aed9a6ef0>:DEBUG:Initializing cepces.krb5.core.Keytab<0x752aed9a6ef0>.
2025-01-28 07:28:24,815 cepces.krb5.core.Keytab<0x752aed9a6ef0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_kt object at 0x752aed937d40>
2025-01-28 07:28:24,815 cepces.krb5.core.KeytabName<0x752aed9a6f80>:DEBUG:Initializing cepces.krb5.core.KeytabName<0x752aed9a6f80>.
2025-01-28 07:28:24,815 cepces.krb5.core.KeytabName<0x752aed9a6f80>:DEBUG:Handle None
2025-01-28 07:28:24,815 cepces.krb5.core.Principal<0x752aed9a7010>:DEBUG:Initializing cepces.krb5.core.Principal<0x752aed9a7010>.
2025-01-28 07:28:24,815 cepces.krb5.core.Principal<0x752aed9a7010>:DEBUG:Handle <cepces.krb5.types.LP_krb5_principal_data object at 0x752aed937cc0>
2025-01-28 07:28:24,815 cepces.krb5.core.PrincipalName<0x752aed9a70d0>:DEBUG:Initializing cepces.krb5.core.PrincipalName<0x752aed9a70d0>.
2025-01-28 07:28:24,815 cepces.krb5.core.PrincipalName<0x752aed9a70d0>:DEBUG:Handle None
2025-01-28 07:28:24,815 cepces.krb5.core.CredentialOptions<0x752aed9a7040>:DEBUG:Initializing cepces.krb5.core.CredentialOptions<0x752aed9a7040>.
2025-01-28 07:28:24,815 cepces.krb5.core.CredentialOptions<0x752aed9a7040>:DEBUG:Handle <cepces.krb5.types.LP__krb5_get_init_creds_opt object at 0x752aed937dc0>
2025-01-28 07:28:24,815 cepces.krb5.core.Credentials<0x752aed9a71c0>:DEBUG:Initializing cepces.krb5.core.Credentials<0x752aed9a71c0>.
2025-01-28 07:28:24,815 cepces.krb5.core.Credentials<0x752aed9a71c0>:DEBUG:Handle <cepces.krb5.types._krb5_creds object at 0x752aed937e40>
2025-01-28 07:28:24,816 cepces.soap.auth.TransportKerberosAuthentication<0x752aed9a6680>:DEBUG:Initializing cepces.soap.auth.TransportKerberosAuthentication<0x752aed9a6680>.
2025-01-28 07:28:24,816 cepces.krb5.core.Context<0x752aed9a7190>:DEBUG:Initializing cepces.krb5.core.Context<0x752aed9a7190>.
2025-01-28 07:28:24,816 cepces.krb5.core.Context<0x752aed9a7190>:DEBUG:Handle <cepces.krb5.types.LP__krb5_context object at 0x752aed937b40>
2025-01-28 07:28:24,816 cepces.krb5.core.Keytab<0x752aed9a7010>:DEBUG:Initializing cepces.krb5.core.Keytab<0x752aed9a7010>.
2025-01-28 07:28:24,816 cepces.krb5.core.Keytab<0x752aed9a7010>:DEBUG:Handle <cepces.krb5.types.LP__krb5_kt object at 0x752aed937cc0>
2025-01-28 07:28:24,816 cepces.krb5.core.KeytabName<0x752aed9a7130>:DEBUG:Initializing cepces.krb5.core.KeytabName<0x752aed9a7130>.
2025-01-28 07:28:24,816 cepces.krb5.core.KeytabName<0x752aed9a7130>:DEBUG:Handle None
2025-01-28 07:28:24,816 cepces.krb5.core.Principal<0x752aed9a6f80>:DEBUG:Initializing cepces.krb5.core.Principal<0x752aed9a6f80>.
2025-01-28 07:28:24,816 cepces.krb5.core.Principal<0x752aed9a6f80>:DEBUG:Handle <cepces.krb5.types.LP_krb5_principal_data object at 0x752aed937dc0>
2025-01-28 07:28:24,816 cepces.krb5.core.PrincipalName<0x752aed9a6e00>:DEBUG:Initializing cepces.krb5.core.PrincipalName<0x752aed9a6e00>.
2025-01-28 07:28:24,816 cepces.krb5.core.PrincipalName<0x752aed9a6e00>:DEBUG:Handle None
2025-01-28 07:28:24,816 cepces.krb5.core.CredentialOptions<0x752aed9a6fe0>:DEBUG:Initializing cepces.krb5.core.CredentialOptions<0x752aed9a6fe0>.
2025-01-28 07:28:24,816 cepces.krb5.core.CredentialOptions<0x752aed9a6fe0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_get_init_creds_opt object at 0x752aed937d40>
2025-01-28 07:28:24,816 cepces.krb5.core.Credentials<0x752aed9a7310>:DEBUG:Initializing cepces.krb5.core.Credentials<0x752aed9a7310>.
2025-01-28 07:28:24,817 cepces.krb5.core.Credentials<0x752aed9a7310>:DEBUG:Handle <cepces.krb5.types._krb5_creds object at 0x752aed937e40>
2025-01-28 07:28:24,817 cepces.config.Configuration<0x752aed9a6500>:DEBUG:Initializing cepces.config.Configuration<0x752aed9a6500>.
2025-01-28 07:28:24,817 cepces.core.Service<0x752aed9a5d80>:DEBUG:Initializing cepces.core.Service<0x752aed9a5d80>.
2025-01-28 07:28:24,817 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG:Initializing cepces.xcep.service.Service<0x752aed9a7190>.
2025-01-28 07:28:24,817 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG:Initializing service (endpoint: https://adcontroller.ad.root.domain.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP, auth: TransportKerberosAuthentication<0x752aed9a5660>)
2025-01-28 07:28:24,817 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG:Preparing message urn:uuid:d894e688-17fe-4b28-a6ff-7a6c95434c57 to https://adcontroller.ad.root.domain.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP with payload: b'<ns0:GetPolicies xmlns:ns0="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:client><ns0:lastUpdate xsi:nil="true" /><ns0:preferredLanguage xsi:nil="true" /></ns0:client><ns0:requestFilter><ns0:policyOIDs xsi:nil="true" /><ns0:clientVersion xsi:nil="true" /><ns0:serverVersion xsi:nil="true" /></ns0:requestFilter></ns0:GetPolicies>'
2025-01-28 07:28:24,817 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG:Sending message:
2025-01-28 07:28:24,817 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG: -endpoint: https://adcontroller.ad.root.domain.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP
2025-01-28 07:28:24,817 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG: -headers: {'Content-Type': 'application/soap+xml; charset=utf-8'}
2025-01-28 07:28:24,817 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG: -verify: True
2025-01-28 07:28:24,818 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG: -auth: TransportKerberosAuthentication<0x752aed9a5660>
2025-01-28 07:28:24,818 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG: -data: b'<ns0:Envelope xmlns:ns0="http://www.w3.org/2003/05/soap-envelope" xmlns:ns1="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:Header><ns1:Action ns0:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPolicies</ns1:Action><ns1:MessageID>urn:uuid:d894e688-17fe-4b28-a6ff-7a6c95434c57</ns1:MessageID><ns1:To ns0:mustUnderstand="1">https://adcontroller.ad.root.domain.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</ns1:To></ns0:Header><ns0:Body><ns2:GetPolicies><ns2:client><ns2:lastUpdate xsi:nil="true" /><ns2:preferredLanguage xsi:nil="true" /></ns2:client><ns2:requestFilter><ns2:policyOIDs xsi:nil="true" /><ns2:clientVersion xsi:nil="true" /><ns2:serverVersion xsi:nil="true" /></ns2:requestFilter></ns2:GetPolicies></ns0:Body></ns0:Envelope>'
2025-01-28 07:28:24,818 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG: -data after post-processing: b'<ns0:Envelope xmlns:ns0="http://www.w3.org/2003/05/soap-envelope" xmlns:ns1="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:Header><ns1:Action ns0:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPolicies</ns1:Action><ns1:MessageID>urn:uuid:d894e688-17fe-4b28-a6ff-7a6c95434c57</ns1:MessageID><ns1:To ns0:mustUnderstand="1">https://adcontroller.ad.root.domain.com/ADPolicyProvider_CEP_Kerberos/service.svc/CEP</ns1:To></ns0:Header><ns0:Body><ns2:GetPolicies><ns2:client><ns2:lastUpdate xsi:nil="true" /><ns2:preferredLanguage xsi:nil="true" /></ns2:client><ns2:requestFilter><ns2:policyOIDs xsi:nil="true" /><ns2:clientVersion xsi:nil="true" /><ns2:serverVersion xsi:nil="true" /></ns2:requestFilter></ns2:GetPolicies></ns0:Body></ns0:Envelope>'
/usr/lib/python3/dist-packages/urllib3/connection.py:455: SubjectAltNameWarning: Certificate for adcontroller.ad.root.domain.com has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
  warnings.warn(
2025-01-28 07:28:24,899 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG:Received message: b'<ns0:Envelope xmlns:ns0="http://www.w3.org/2003/05/soap-envelope" xmlns:ns1="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics" xmlns:ns3="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:Header><ns1:Action ns0:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPoliciesResponse</ns1:Action><ns1:RelatesTo>urn:uuid:d894e688-17fe-4b28-a6ff-7a6c95434c57</ns1:RelatesTo><ns2:ActivityId CorrelationId="8429950c-c4ab-4427-806c-9e4a640ca4dd">00000000-0000-0000-0000-000000000000</ns2:ActivityId></ns0:Header><ns0:Body><ns3:GetPoliciesResponse><ns3:response><ns3:policyID>{D128C6CE-502C-43AD-9C87-7CA8432E44D5}</ns3:policyID><ns3:policyFriendlyName /><ns3:nextUpdateHours>8</ns3:nextUpdateHours><ns3:policiesNotChanged xsi:nil="true" /><ns3:policies><ns3:policy><ns3:policyOIDReference>0</ns3:policyOIDReference><ns3:cAs><ns3:cAReference>0</ns3:cAReference></ns3:cAs><ns3:attributes><ns3:commonName>ad-Machine</ns3:commonName><ns3:policySchema>2</ns3:policySchema><ns3:certificateValidity><ns3:validityPeriodSeconds>63072000</ns3:validityPeriodSeconds><ns3:renewalPeriodSeconds>3628800</ns3:renewalPeriodSeconds></ns3:certificateValidity><ns3:permission><ns3:enroll>true</ns3:enroll><ns3:autoEnroll>true</ns3:autoEnroll></ns3:permission><ns3:privateKeyAttributes><ns3:minimalKeyLength>2048</ns3:minimalKeyLength><ns3:keySpec>1</ns3:keySpec><ns3:keyUsageProperty xsi:nil="true" /><ns3:permissions xsi:nil="true" /><ns3:algorithmOIDReference xsi:nil="true" /><ns3:cryptoProviders><ns3:provider>Microsoft RSA SChannel Cryptographic Provider</ns3:provider></ns3:cryptoProviders></ns3:privateKeyAttributes><ns3:revision><ns3:majorRevision>100</ns3:majorRevision><ns3:minorRevision>6</ns3:minorRevision></ns3:revision><ns3:supersededPolicies xsi:nil="true" /><ns3:privateKeyFlags>16842752</ns3:privateKeyFlags><ns3:subjectNameFlags>134217728</ns3:subjectNameFlags><ns3:enrollmentFlags>8</ns3:enrollmentFlags><ns3:generalFlags>131680</ns3:generalFlags><ns3:hashAlgorithmOIDReference xsi:nil="true" /><ns3:rARequirements xsi:nil="true" /><ns3:keyArchivalAttributes xsi:nil="true" /><ns3:extensions><ns3:extension><ns3:oIDReference>3</ns3:oIDReference><ns3:critical>false</ns3:critical><ns3:value>MC4GJisGAQQBgjcVCIPdxyuC0JxDh62dN4HSyCuE6IAbgQeFp94Spr5qAgFkAgEG</ns3:value></ns3:extension><ns3:extension><ns3:oIDReference>4</ns3:oIDReference><ns3:critical>false</ns3:critical><ns3:value>MBQGCCsGAQUFBwMBBggrBgEFBQcDAg==</ns3:value></ns3:extension><ns3:extension><ns3:oIDReference>5</ns3:oIDReference><ns3:critical>true</ns3:critical><ns3:value>AwIFoA==</ns3:value></ns3:extension><ns3:extension><ns3:oIDReference>6</ns3:oIDReference><ns3:critical>false</ns3:critical><ns3:value>MBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwI=</ns3:value></ns3:extension></ns3:extensions></ns3:attributes></ns3:policy></ns3:policies></ns3:response><ns3:cAs><ns3:cA><ns3:uris><ns3:cAURI><ns3:clientAuthentication>2</ns3:clientAuthentication><ns3:uri>https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES</ns3:uri><ns3:priority>1</ns3:priority><ns3:renewalOnly>false</ns3:renewalOnly></ns3:cAURI></ns3:uris><ns3:certificate>MIIDqTCCApGgAwIBAgIQHfCqEdsooK5EV86pwLPKYTANBgkqhkiG9w0BAQsFADBnMRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGZG9tYWluMRQwEgYKCZImiZPyLGQBGRYEcm9vdDESMBAGCgmSJomT8ixkARkWAmFkMQ4wDAYDVQQDEwVhZC1DQTAeFw0yNDEyMTkxNDMxMzJaFw0yOTEyMTkxNDQxMzJaMGcxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZkb21haW4xFDASBgoJkiaJk/IsZAEZFgRyb290MRIwEAYKCZImiZPyLGQBGRYCYWQxDjAMBgNVBAMTBWFkLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAombcROPXRp7AdimSKIu9k8b9plNfiM54B6TZchjVUjehkBCknnoHYyF/eWDYXW2ENIHtocsNw7gR7SnC0cNI8Y92QR/H/7jC88RrOa/0UGbw6X4bOXv7IKO4vFsaNImZTsR9PUffvHWBFMrqJt/nk/D9+eilK6sOc3bYQHHq1sopXAr6MlSpqdynlrMG9weXEgG56CIcYXwi33egeZ1Gi5Cmrq4HH2K6NsZiMgC0MxlKa0S9RUaAIY0GZTK32gdYmAKDr13fS3rkkBXBTkrodpRHj5BkPxvulUcohhfmWgSPUQa79Hn9TD02BSTY3G5BJvJnpl9bHw2uEJkalBRuEQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfuv4oS7Hbx6GILpAzZtAg80QjIgwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggEBAA4bf+FCWv6M9HFUSuY/CqCRIbQxmnP8OPLr34EQ2Vq9iixuS5AwSgGXNGHd9tZZdFxChqTh/rDoyby0MD5EPGxXNVXVTBj/p3ki1u+x/wMDKMCunqyfOWS5PXhzTXGbn5GmV0k3Bdx6It3NUv8tfLrtWY5RmIOYDmKx5UhEB4XEmY+HWn1uvXBQ05wsOz8AzzsfXsLG/Yg95g89v7C25aQNIBA49wxyCGZno1fvzvLuA3xqkvTZLSrbXf2+FGHAcIbaK5US31jdz14kh5Vn2imLgEJ3UYfGWbNLBYNSbxlnefnnlyrsa6MNML6fj227DCx6oTeCa6gcxN0adkkDTY8=</ns3:certificate><ns3:enrollPermission>true</ns3:enrollPermission><ns3:cAReferenceID>0</ns3:cAReferenceID></ns3:cA></ns3:cAs><ns3:oIDs><ns3:oID><ns3:value>1.3.6.1.4.1.311.21.8.7824299.5508675.15421111.3449899.10092571.135.11136786.630634</ns3:value><ns3:group>9</ns3:group><ns3:oIDReferenceID>0</ns3:oIDReferenceID><ns3:defaultName>ad-Machine</ns3:defaultName></ns3:oID><ns3:oID><ns3:value>1.3.6.1.5.5.7.3.1</ns3:value><ns3:group>7</ns3:group><ns3:oIDReferenceID>1</ns3:oIDReferenceID><ns3:defaultName>Server Authentication</ns3:defaultName></ns3:oID><ns3:oID><ns3:value>1.3.6.1.5.5.7.3.2</ns3:value><ns3:group>7</ns3:group><ns3:oIDReferenceID>2</ns3:oIDReferenceID><ns3:defaultName>Client Authentication</ns3:defaultName></ns3:oID><ns3:oID><ns3:value>1.3.6.1.4.1.311.21.7</ns3:value><ns3:group>6</ns3:group><ns3:oIDReferenceID>3</ns3:oIDReferenceID><ns3:defaultName>Certificate Template Information</ns3:defaultName></ns3:oID><ns3:oID><ns3:value>2.5.29.37</ns3:value><ns3:group>6</ns3:group><ns3:oIDReferenceID>4</ns3:oIDReferenceID><ns3:defaultName>Enhanced Key Usage</ns3:defaultName></ns3:oID><ns3:oID><ns3:value>2.5.29.15</ns3:value><ns3:group>6</ns3:group><ns3:oIDReferenceID>5</ns3:oIDReferenceID><ns3:defaultName>Key Usage</ns3:defaultName></ns3:oID><ns3:oID><ns3:value>1.3.6.1.4.1.311.21.10</ns3:value><ns3:group>6</ns3:group><ns3:oIDReferenceID>6</ns3:oIDReferenceID><ns3:defaultName>Application Policies</ns3:defaultName></ns3:oID></ns3:oIDs></ns3:GetPoliciesResponse></ns0:Body></ns0:Envelope>'
2025-01-28 07:28:24,899 cepces.xcep.service.Service<0x752aed9a7190>:DEBUG:Received message: b'<ns0:GetPoliciesResponse xmlns:ns0="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:response><ns0:policyID>{D128C6CE-502C-43AD-9C87-7CA8432E44D5}</ns0:policyID><ns0:policyFriendlyName /><ns0:nextUpdateHours>8</ns0:nextUpdateHours><ns0:policiesNotChanged xsi:nil="true" /><ns0:policies><ns0:policy><ns0:policyOIDReference>0</ns0:policyOIDReference><ns0:cAs><ns0:cAReference>0</ns0:cAReference></ns0:cAs><ns0:attributes><ns0:commonName>ad-Machine</ns0:commonName><ns0:policySchema>2</ns0:policySchema><ns0:certificateValidity><ns0:validityPeriodSeconds>63072000</ns0:validityPeriodSeconds><ns0:renewalPeriodSeconds>3628800</ns0:renewalPeriodSeconds></ns0:certificateValidity><ns0:permission><ns0:enroll>true</ns0:enroll><ns0:autoEnroll>true</ns0:autoEnroll></ns0:permission><ns0:privateKeyAttributes><ns0:minimalKeyLength>2048</ns0:minimalKeyLength><ns0:keySpec>1</ns0:keySpec><ns0:keyUsageProperty xsi:nil="true" /><ns0:permissions xsi:nil="true" /><ns0:algorithmOIDReference xsi:nil="true" /><ns0:cryptoProviders><ns0:provider>Microsoft RSA SChannel Cryptographic Provider</ns0:provider></ns0:cryptoProviders></ns0:privateKeyAttributes><ns0:revision><ns0:majorRevision>100</ns0:majorRevision><ns0:minorRevision>6</ns0:minorRevision></ns0:revision><ns0:supersededPolicies xsi:nil="true" /><ns0:privateKeyFlags>16842752</ns0:privateKeyFlags><ns0:subjectNameFlags>134217728</ns0:subjectNameFlags><ns0:enrollmentFlags>8</ns0:enrollmentFlags><ns0:generalFlags>131680</ns0:generalFlags><ns0:hashAlgorithmOIDReference xsi:nil="true" /><ns0:rARequirements xsi:nil="true" /><ns0:keyArchivalAttributes xsi:nil="true" /><ns0:extensions><ns0:extension><ns0:oIDReference>3</ns0:oIDReference><ns0:critical>false</ns0:critical><ns0:value>MC4GJisGAQQBgjcVCIPdxyuC0JxDh62dN4HSyCuE6IAbgQeFp94Spr5qAgFkAgEG</ns0:value></ns0:extension><ns0:extension><ns0:oIDReference>4</ns0:oIDReference><ns0:critical>false</ns0:critical><ns0:value>MBQGCCsGAQUFBwMBBggrBgEFBQcDAg==</ns0:value></ns0:extension><ns0:extension><ns0:oIDReference>5</ns0:oIDReference><ns0:critical>true</ns0:critical><ns0:value>AwIFoA==</ns0:value></ns0:extension><ns0:extension><ns0:oIDReference>6</ns0:oIDReference><ns0:critical>false</ns0:critical><ns0:value>MBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwI=</ns0:value></ns0:extension></ns0:extensions></ns0:attributes></ns0:policy></ns0:policies></ns0:response><ns0:cAs><ns0:cA><ns0:uris><ns0:cAURI><ns0:clientAuthentication>2</ns0:clientAuthentication><ns0:uri>https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES</ns0:uri><ns0:priority>1</ns0:priority><ns0:renewalOnly>false</ns0:renewalOnly></ns0:cAURI></ns0:uris><ns0:certificate>MIIDqTCCApGgAwIBAgIQHfCqEdsooK5EV86pwLPKYTANBgkqhkiG9w0BAQsFADBnMRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGZG9tYWluMRQwEgYKCZImiZPyLGQBGRYEcm9vdDESMBAGCgmSJomT8ixkARkWAmFkMQ4wDAYDVQQDEwVhZC1DQTAeFw0yNDEyMTkxNDMxMzJaFw0yOTEyMTkxNDQxMzJaMGcxEzARBgoJkiaJk/IsZAEZFgNjb20xFjAUBgoJkiaJk/IsZAEZFgZkb21haW4xFDASBgoJkiaJk/IsZAEZFgRyb290MRIwEAYKCZImiZPyLGQBGRYCYWQxDjAMBgNVBAMTBWFkLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAombcROPXRp7AdimSKIu9k8b9plNfiM54B6TZchjVUjehkBCknnoHYyF/eWDYXW2ENIHtocsNw7gR7SnC0cNI8Y92QR/H/7jC88RrOa/0UGbw6X4bOXv7IKO4vFsaNImZTsR9PUffvHWBFMrqJt/nk/D9+eilK6sOc3bYQHHq1sopXAr6MlSpqdynlrMG9weXEgG56CIcYXwi33egeZ1Gi5Cmrq4HH2K6NsZiMgC0MxlKa0S9RUaAIY0GZTK32gdYmAKDr13fS3rkkBXBTkrodpRHj5BkPxvulUcohhfmWgSPUQa79Hn9TD02BSTY3G5BJvJnpl9bHw2uEJkalBRuEQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfuv4oS7Hbx6GILpAzZtAg80QjIgwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggEBAA4bf+FCWv6M9HFUSuY/CqCRIbQxmnP8OPLr34EQ2Vq9iixuS5AwSgGXNGHd9tZZdFxChqTh/rDoyby0MD5EPGxXNVXVTBj/p3ki1u+x/wMDKMCunqyfOWS5PXhzTXGbn5GmV0k3Bdx6It3NUv8tfLrtWY5RmIOYDmKx5UhEB4XEmY+HWn1uvXBQ05wsOz8AzzsfXsLG/Yg95g89v7C25aQNIBA49wxyCGZno1fvzvLuA3xqkvTZLSrbXf2+FGHAcIbaK5US31jdz14kh5Vn2imLgEJ3UYfGWbNLBYNSbxlnefnnlyrsa6MNML6fj227DCx6oTeCa6gcxN0adkkDTY8=</ns0:certificate><ns0:enrollPermission>true</ns0:enrollPermission><ns0:cAReferenceID>0</ns0:cAReferenceID></ns0:cA></ns0:cAs><ns0:oIDs><ns0:oID><ns0:value>1.3.6.1.4.1.311.21.8.7824299.5508675.15421111.3449899.10092571.135.11136786.630634</ns0:value><ns0:group>9</ns0:group><ns0:oIDReferenceID>0</ns0:oIDReferenceID><ns0:defaultName>ad-Machine</ns0:defaultName></ns0:oID><ns0:oID><ns0:value>1.3.6.1.5.5.7.3.1</ns0:value><ns0:group>7</ns0:group><ns0:oIDReferenceID>1</ns0:oIDReferenceID><ns0:defaultName>Server Authentication</ns0:defaultName></ns0:oID><ns0:oID><ns0:value>1.3.6.1.5.5.7.3.2</ns0:value><ns0:group>7</ns0:group><ns0:oIDReferenceID>2</ns0:oIDReferenceID><ns0:defaultName>Client Authentication</ns0:defaultName></ns0:oID><ns0:oID><ns0:value>1.3.6.1.4.1.311.21.7</ns0:value><ns0:group>6</ns0:group><ns0:oIDReferenceID>3</ns0:oIDReferenceID><ns0:defaultName>Certificate Template Information</ns0:defaultName></ns0:oID><ns0:oID><ns0:value>2.5.29.37</ns0:value><ns0:group>6</ns0:group><ns0:oIDReferenceID>4</ns0:oIDReferenceID><ns0:defaultName>Enhanced Key Usage</ns0:defaultName></ns0:oID><ns0:oID><ns0:value>2.5.29.15</ns0:value><ns0:group>6</ns0:group><ns0:oIDReferenceID>5</ns0:oIDReferenceID><ns0:defaultName>Key Usage</ns0:defaultName></ns0:oID><ns0:oID><ns0:value>1.3.6.1.4.1.311.21.10</ns0:value><ns0:group>6</ns0:group><ns0:oIDReferenceID>6</ns0:oIDReferenceID><ns0:defaultName>Application Policies</ns0:defaultName></ns0:oID></ns0:oIDs></ns0:GetPoliciesResponse>'
2025-01-28 07:28:24,899 cepces.certmonger.operation.GetSupportedTemplates<0x752aee9aba30>:DEBUG:Initializing cepces.certmonger.operation.GetSupportedTemplates<0x752aee9aba30>.
ad-Machine

