administrator@ad.root.domain.com@jammy-client:~$ sudo CERTMONGER_OPERATION=GET-SUPPORTED-TEMPLATES /usr/libexec/certmonger/cepces-submit --endpoint=https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES0
2025-01-28 07:26:20,015 cepces.config.Configuration:DEBUG:Initializing application configuration.
2025-01-28 07:26:20,015 cepces.config.Configuration:DEBUG:Reading: /etc/cepces/cepces.conf
2025-01-28 07:26:20,015 cepces.auth.KerberosAuthenticationHandler<0x7e1690609d80>:DEBUG:Initializing cepces.auth.KerberosAuthenticationHandler<0x7e1690609d80>.
2025-01-28 07:26:20,016 cepces.soap.auth.TransportKerberosAuthentication<0x7e1690609660>:DEBUG:Initializing cepces.soap.auth.TransportKerberosAuthentication<0x7e1690609660>.
2025-01-28 07:26:20,016 cepces.krb5.core.Context<0x7e169060a6b0>:DEBUG:Initializing cepces.krb5.core.Context<0x7e169060a6b0>.
2025-01-28 07:26:20,016 cepces.krb5.core.Context<0x7e169060a6b0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_context object at 0x7e169059f6c0>
2025-01-28 07:26:20,016 cepces.krb5.core.Keytab<0x7e169060a800>:DEBUG:Initializing cepces.krb5.core.Keytab<0x7e169060a800>.
2025-01-28 07:26:20,016 cepces.krb5.core.Keytab<0x7e169060a800>:DEBUG:Handle <cepces.krb5.types.LP__krb5_kt object at 0x7e169059f940>
2025-01-28 07:26:20,016 cepces.krb5.core.KeytabName<0x7e169060a890>:DEBUG:Initializing cepces.krb5.core.KeytabName<0x7e169060a890>.
2025-01-28 07:26:20,016 cepces.krb5.core.KeytabName<0x7e169060a890>:DEBUG:Handle None
2025-01-28 07:26:20,016 cepces.krb5.core.Principal<0x7e169060a9b0>:DEBUG:Initializing cepces.krb5.core.Principal<0x7e169060a9b0>.
2025-01-28 07:26:20,016 cepces.krb5.core.Principal<0x7e169060a9b0>:DEBUG:Handle <cepces.krb5.types.LP_krb5_principal_data object at 0x7e169059fac0>
2025-01-28 07:26:20,016 cepces.krb5.core.PrincipalName<0x7e169060aa70>:DEBUG:Initializing cepces.krb5.core.PrincipalName<0x7e169060aa70>.
2025-01-28 07:26:20,016 cepces.krb5.core.PrincipalName<0x7e169060aa70>:DEBUG:Handle None
2025-01-28 07:26:20,016 cepces.krb5.core.CredentialOptions<0x7e169060a9e0>:DEBUG:Initializing cepces.krb5.core.CredentialOptions<0x7e169060a9e0>.
2025-01-28 07:26:20,016 cepces.krb5.core.CredentialOptions<0x7e169060a9e0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_get_init_creds_opt object at 0x7e169059f9c0>
2025-01-28 07:26:20,016 cepces.krb5.core.Credentials<0x7e169060ab60>:DEBUG:Initializing cepces.krb5.core.Credentials<0x7e169060ab60>.
2025-01-28 07:26:20,016 cepces.krb5.core.Credentials<0x7e169060ab60>:DEBUG:Handle <cepces.krb5.types._krb5_creds object at 0x7e169059fb40>
2025-01-28 07:26:20,017 cepces.soap.auth.TransportKerberosAuthentication<0x7e1690609660>:DEBUG:Initializing cepces.soap.auth.TransportKerberosAuthentication<0x7e1690609660>.
2025-01-28 07:26:20,017 cepces.krb5.core.Context<0x7e169060ab30>:DEBUG:Initializing cepces.krb5.core.Context<0x7e169060ab30>.
2025-01-28 07:26:20,017 cepces.krb5.core.Context<0x7e169060ab30>:DEBUG:Handle <cepces.krb5.types.LP__krb5_context object at 0x7e169059f6c0>
2025-01-28 07:26:20,017 cepces.krb5.core.Keytab<0x7e169060a9b0>:DEBUG:Initializing cepces.krb5.core.Keytab<0x7e169060a9b0>.
2025-01-28 07:26:20,017 cepces.krb5.core.Keytab<0x7e169060a9b0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_kt object at 0x7e169059fac0>
2025-01-28 07:26:20,017 cepces.krb5.core.KeytabName<0x7e169060ab90>:DEBUG:Initializing cepces.krb5.core.KeytabName<0x7e169060ab90>.
2025-01-28 07:26:20,017 cepces.krb5.core.KeytabName<0x7e169060ab90>:DEBUG:Handle None
2025-01-28 07:26:20,017 cepces.krb5.core.Principal<0x7e169060a890>:DEBUG:Initializing cepces.krb5.core.Principal<0x7e169060a890>.
2025-01-28 07:26:20,017 cepces.krb5.core.Principal<0x7e169060a890>:DEBUG:Handle <cepces.krb5.types.LP_krb5_principal_data object at 0x7e169059f9c0>
2025-01-28 07:26:20,017 cepces.krb5.core.PrincipalName<0x7e1690609750>:DEBUG:Initializing cepces.krb5.core.PrincipalName<0x7e1690609750>.
2025-01-28 07:26:20,017 cepces.krb5.core.PrincipalName<0x7e1690609750>:DEBUG:Handle None
2025-01-28 07:26:20,017 cepces.krb5.core.CredentialOptions<0x7e169060a8f0>:DEBUG:Initializing cepces.krb5.core.CredentialOptions<0x7e169060a8f0>.
2025-01-28 07:26:20,017 cepces.krb5.core.CredentialOptions<0x7e169060a8f0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_get_init_creds_opt object at 0x7e169059f940>
2025-01-28 07:26:20,017 cepces.krb5.core.Credentials<0x7e169060aec0>:DEBUG:Initializing cepces.krb5.core.Credentials<0x7e169060aec0>.
2025-01-28 07:26:20,017 cepces.krb5.core.Credentials<0x7e169060aec0>:DEBUG:Handle <cepces.krb5.types._krb5_creds object at 0x7e169059fb40>
2025-01-28 07:26:20,020 cepces.krb5.core.CredentialCache<0x7e169060a950>:DEBUG:Initializing cepces.krb5.core.CredentialCache<0x7e169060a950>.
2025-01-28 07:26:20,020 cepces.krb5.core.CredentialCache<0x7e169060a950>:DEBUG:Handle <cepces.krb5.types.LP__krb5_ccache object at 0x7e169059fc40>
2025-01-28 07:26:20,020 cepces.soap.auth.TransportKerberosAuthentication<0x7e169060a680>:DEBUG:Initializing cepces.soap.auth.TransportKerberosAuthentication<0x7e169060a680>.
2025-01-28 07:26:20,020 cepces.krb5.core.Context<0x7e169060aad0>:DEBUG:Initializing cepces.krb5.core.Context<0x7e169060aad0>.
2025-01-28 07:26:20,020 cepces.krb5.core.Context<0x7e169060aad0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_context object at 0x7e169059fbc0>
2025-01-28 07:26:20,020 cepces.krb5.core.Keytab<0x7e169060aef0>:DEBUG:Initializing cepces.krb5.core.Keytab<0x7e169060aef0>.
2025-01-28 07:26:20,021 cepces.krb5.core.Keytab<0x7e169060aef0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_kt object at 0x7e169059fdc0>
2025-01-28 07:26:20,021 cepces.krb5.core.KeytabName<0x7e169060af80>:DEBUG:Initializing cepces.krb5.core.KeytabName<0x7e169060af80>.
2025-01-28 07:26:20,021 cepces.krb5.core.KeytabName<0x7e169060af80>:DEBUG:Handle None
2025-01-28 07:26:20,021 cepces.krb5.core.Principal<0x7e169060b010>:DEBUG:Initializing cepces.krb5.core.Principal<0x7e169060b010>.
2025-01-28 07:26:20,021 cepces.krb5.core.Principal<0x7e169060b010>:DEBUG:Handle <cepces.krb5.types.LP_krb5_principal_data object at 0x7e169059fd40>
2025-01-28 07:26:20,021 cepces.krb5.core.PrincipalName<0x7e169060b0d0>:DEBUG:Initializing cepces.krb5.core.PrincipalName<0x7e169060b0d0>.
2025-01-28 07:26:20,021 cepces.krb5.core.PrincipalName<0x7e169060b0d0>:DEBUG:Handle None
2025-01-28 07:26:20,021 cepces.krb5.core.CredentialOptions<0x7e169060b040>:DEBUG:Initializing cepces.krb5.core.CredentialOptions<0x7e169060b040>.
2025-01-28 07:26:20,021 cepces.krb5.core.CredentialOptions<0x7e169060b040>:DEBUG:Handle <cepces.krb5.types.LP__krb5_get_init_creds_opt object at 0x7e169059fe40>
2025-01-28 07:26:20,021 cepces.krb5.core.Credentials<0x7e169060b1c0>:DEBUG:Initializing cepces.krb5.core.Credentials<0x7e169060b1c0>.
2025-01-28 07:26:20,021 cepces.krb5.core.Credentials<0x7e169060b1c0>:DEBUG:Handle <cepces.krb5.types._krb5_creds object at 0x7e169059fec0>
2025-01-28 07:26:20,022 cepces.soap.auth.TransportKerberosAuthentication<0x7e169060a680>:DEBUG:Initializing cepces.soap.auth.TransportKerberosAuthentication<0x7e169060a680>.
2025-01-28 07:26:20,022 cepces.krb5.core.Context<0x7e169060b190>:DEBUG:Initializing cepces.krb5.core.Context<0x7e169060b190>.
2025-01-28 07:26:20,022 cepces.krb5.core.Context<0x7e169060b190>:DEBUG:Handle <cepces.krb5.types.LP__krb5_context object at 0x7e169059fbc0>
2025-01-28 07:26:20,022 cepces.krb5.core.Keytab<0x7e169060b010>:DEBUG:Initializing cepces.krb5.core.Keytab<0x7e169060b010>.
2025-01-28 07:26:20,022 cepces.krb5.core.Keytab<0x7e169060b010>:DEBUG:Handle <cepces.krb5.types.LP__krb5_kt object at 0x7e169059fd40>
2025-01-28 07:26:20,022 cepces.krb5.core.KeytabName<0x7e169060b130>:DEBUG:Initializing cepces.krb5.core.KeytabName<0x7e169060b130>.
2025-01-28 07:26:20,022 cepces.krb5.core.KeytabName<0x7e169060b130>:DEBUG:Handle None
2025-01-28 07:26:20,022 cepces.krb5.core.Principal<0x7e169060af80>:DEBUG:Initializing cepces.krb5.core.Principal<0x7e169060af80>.
2025-01-28 07:26:20,022 cepces.krb5.core.Principal<0x7e169060af80>:DEBUG:Handle <cepces.krb5.types.LP_krb5_principal_data object at 0x7e169059fe40>
2025-01-28 07:26:20,022 cepces.krb5.core.PrincipalName<0x7e169060ae00>:DEBUG:Initializing cepces.krb5.core.PrincipalName<0x7e169060ae00>.
2025-01-28 07:26:20,022 cepces.krb5.core.PrincipalName<0x7e169060ae00>:DEBUG:Handle None
2025-01-28 07:26:20,022 cepces.krb5.core.CredentialOptions<0x7e169060afe0>:DEBUG:Initializing cepces.krb5.core.CredentialOptions<0x7e169060afe0>.
2025-01-28 07:26:20,022 cepces.krb5.core.CredentialOptions<0x7e169060afe0>:DEBUG:Handle <cepces.krb5.types.LP__krb5_get_init_creds_opt object at 0x7e169059fdc0>
2025-01-28 07:26:20,022 cepces.krb5.core.Credentials<0x7e169060b310>:DEBUG:Initializing cepces.krb5.core.Credentials<0x7e169060b310>.
2025-01-28 07:26:20,022 cepces.krb5.core.Credentials<0x7e169060b310>:DEBUG:Handle <cepces.krb5.types._krb5_creds object at 0x7e169059fec0>
2025-01-28 07:26:20,022 cepces.config.Configuration<0x7e169060a500>:DEBUG:Initializing cepces.config.Configuration<0x7e169060a500>.
2025-01-28 07:26:20,022 cepces.core.Service<0x7e1690609d80>:DEBUG:Initializing cepces.core.Service<0x7e1690609d80>.
2025-01-28 07:26:20,022 cepces.xcep.service.Service<0x7e169060b190>:DEBUG:Initializing cepces.xcep.service.Service<0x7e169060b190>.
2025-01-28 07:26:20,022 cepces.xcep.service.Service<0x7e169060b190>:DEBUG:Initializing service (endpoint: https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES0, auth: TransportKerberosAuthentication<0x7e1690609660>)
2025-01-28 07:26:20,023 cepces.xcep.service.Service<0x7e169060b190>:DEBUG:Preparing message urn:uuid:5d926b55-fb7d-4823-83fb-c25b4e3f9734 to https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES0 with payload: b'<ns0:GetPolicies xmlns:ns0="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:client><ns0:lastUpdate xsi:nil="true" /><ns0:preferredLanguage xsi:nil="true" /></ns0:client><ns0:requestFilter><ns0:policyOIDs xsi:nil="true" /><ns0:clientVersion xsi:nil="true" /><ns0:serverVersion xsi:nil="true" /></ns0:requestFilter></ns0:GetPolicies>'
2025-01-28 07:26:20,023 cepces.xcep.service.Service<0x7e169060b190>:DEBUG:Sending message:
2025-01-28 07:26:20,023 cepces.xcep.service.Service<0x7e169060b190>:DEBUG: -endpoint: https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES0
2025-01-28 07:26:20,023 cepces.xcep.service.Service<0x7e169060b190>:DEBUG: -headers: {'Content-Type': 'application/soap+xml; charset=utf-8'}
2025-01-28 07:26:20,023 cepces.xcep.service.Service<0x7e169060b190>:DEBUG: -verify: True
2025-01-28 07:26:20,023 cepces.xcep.service.Service<0x7e169060b190>:DEBUG: -auth: TransportKerberosAuthentication<0x7e1690609660>
2025-01-28 07:26:20,023 cepces.xcep.service.Service<0x7e169060b190>:DEBUG: -data: b'<ns0:Envelope xmlns:ns0="http://www.w3.org/2003/05/soap-envelope" xmlns:ns1="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:Header><ns1:Action ns0:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPolicies</ns1:Action><ns1:MessageID>urn:uuid:5d926b55-fb7d-4823-83fb-c25b4e3f9734</ns1:MessageID><ns1:To ns0:mustUnderstand="1">https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES0</ns1:To></ns0:Header><ns0:Body><ns2:GetPolicies><ns2:client><ns2:lastUpdate xsi:nil="true" /><ns2:preferredLanguage xsi:nil="true" /></ns2:client><ns2:requestFilter><ns2:policyOIDs xsi:nil="true" /><ns2:clientVersion xsi:nil="true" /><ns2:serverVersion xsi:nil="true" /></ns2:requestFilter></ns2:GetPolicies></ns0:Body></ns0:Envelope>'
2025-01-28 07:26:20,023 cepces.xcep.service.Service<0x7e169060b190>:DEBUG: -data after post-processing: b'<ns0:Envelope xmlns:ns0="http://www.w3.org/2003/05/soap-envelope" xmlns:ns1="http://www.w3.org/2005/08/addressing" xmlns:ns2="http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ns0:Header><ns1:Action ns0:mustUnderstand="1">http://schemas.microsoft.com/windows/pki/2009/01/enrollmentpolicy/IPolicy/GetPolicies</ns1:Action><ns1:MessageID>urn:uuid:5d926b55-fb7d-4823-83fb-c25b4e3f9734</ns1:MessageID><ns1:To ns0:mustUnderstand="1">https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES0</ns1:To></ns0:Header><ns0:Body><ns2:GetPolicies><ns2:client><ns2:lastUpdate xsi:nil="true" /><ns2:preferredLanguage xsi:nil="true" /></ns2:client><ns2:requestFilter><ns2:policyOIDs xsi:nil="true" /><ns2:clientVersion xsi:nil="true" /><ns2:serverVersion xsi:nil="true" /></ns2:requestFilter></ns2:GetPolicies></ns0:Body></ns0:Envelope>'
/usr/lib/python3/dist-packages/urllib3/connection.py:455: SubjectAltNameWarning: Certificate for adcontroller.ad.root.domain.com has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/urllib3/urllib3/issues/497 for details.)
  warnings.warn(
2025-01-28 07:26:20,108 __main__:ERROR:Traceback (most recent call last):
  File "/usr/libexec/certmonger/cepces-submit", line 68, in main
    service = Service(config)
  File "/usr/lib/python3/dist-packages/cepces/core.py", line 90, in __init__
    self._policies = self._xcep.get_policies()
  File "/usr/lib/python3/dist-packages/cepces/xcep/service.py", line 52, in get_policies
    response = self.send(envelope)
  File "/usr/lib/python3/dist-packages/cepces/soap/service.py", line 93, in send
    req.raise_for_status()
  File "/usr/lib/python3/dist-packages/requests/models.py", line 943, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://adcontroller.ad.root.domain.com/ad-CA_CES_Kerberos/service.svc/CES0

