New-TPPCertificate function does not add SubjectDN fields and created certs cannot be obtained via Get-TPPCertificate #110

Closed
MichalZyzakCS opened this issue May 9, 2022 · 1 comment · Fixed by #112
Labels: bug (Something isn't working), documentation (Improvements or additions to documentation)

Hello.
We want to use PowerShell to automate certificate provisioning via the Venafi API during the machine rebuild process (re-imaging). I run New-TPPCertificate with parameters Path and Name.
The command completes properly without error or warning. I receive a GUID and CertificateDN.
I can find the certificate using Find-TPPCertificate.
I can successfully validate the certificate using Invoke-VenafiCertificateAction -Validate.
However, I cannot obtain that cert using Get-TPPCertificate, as I'm getting an error that SubjectDN is empty.

Exact error: "500 : {"Stage" : 0, "Status" : "Request DN is empty. Please configure the certificate properly"}

How is it that a command that creates a certificate completes successfully but creates a bad cert?
How is it that a command that validates a certificate claims that a bad cert is actually valid?

Environment:

Test lab, no internet access, only on-prem intranet.

Operating System: Windows 10 20H2
VenafiPS version: 4.2.4
PowerShell version: 5.1

Steps to reproduce

Import-Module VenafiPS
$Server = "https://test-server-domain.net"
$YID = Get-Credential -Credential "TestAccount"
New-VenafiSession -Server $Server -Verbose -Credential $YID
$PCName = $env:computername
$PCFQDN = ($PCName,$env:USERDNSDOMAIN) -join('.')
$PCType = "Desktops"
$CertPath = "\VED\Policy\Certs\v1\$PCType"
$CAPath = "\VED\Policy\Administration\CAs\TestTempalte1"
New-TppCertificate -Path $CertPath -Name $PCName -Verbose
Get-TppCertificate -CertificateID "$CertPath\$PCName" -Format "DER"

Expected behavior

I should get the cert

Actual behavior

"500 : {"Stage" : 0, "Status" : "Request DN is empty. Please configure the certificate properly"}

gdbarron added a commit that referenced this issue May 10, 2022
gdbarron self-assigned this May 10, 2022
gdbarron added the bug, wontfix and documentation labels and removed the wontfix label May 10, 2022
gdbarron commented May 10, 2022

Hi @MichalZyzakCS, thanks for reporting this. What you are seeing is a combination of a few things. As you pointed out, the SubjectDN is empty and it makes sense to default to using the name provided; this has been fixed with #112.

Prior to TPP 22.1, all certificate requests are asynchronous and immediately return. Beginning with 22.1, you can set a timeout to control this behavior and respond as you are expecting. A global timeout can be set (https://docs.venafi.com/Docs/currentSDK/TopNav/Content/SDK/WebSDK/r-SDK-Certificates-API-settings.php), or you can provide it as a parameter to New-TppCertificate itself (also fixed with #112).

Also, validation is used for network and installation validation. If you are looking to validate the creation of a certificate, use Get-VenafiCertificate and look at ProcessingDetails.
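Added example, not part of the issue thread or the VenafiPS project: because requests return before issuance finishes, a provisioning script can poll ProcessingDetails before it tries to download the certificate. It assumes Get-VenafiCertificate accepts -CertificateId and that ProcessingDetails is empty once processing is done and otherwise carries InError, Stage and Status; Wait-CertificateIssued, the -Lookup parameter, the stub and the PC01 path are hypothetical names constructed for illustration.

```powershell
# Added example. Assumptions: Get-VenafiCertificate takes -CertificateId, and
# ProcessingDetails is empty when processing has finished, otherwise it carries
# InError / Stage / Status (Stage and Status appear in the error quoted in the issue).
function Wait-CertificateIssued {
    param(
        [Parameter(Mandatory)] [string] $CertificateId,
        [int] $TimeoutSec = 120,
        [int] $PollSec = 5,
        # Injectable lookup so the loop can be exercised without a TPP server.
        [scriptblock] $Lookup = { param($Id) Get-VenafiCertificate -CertificateId $Id }
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ($true) {
        $details = (& $Lookup $CertificateId).ProcessingDetails
        # Null or property-less details: nothing is pending, the request finished.
        if ($null -eq $details -or @($details.PSObject.Properties).Count -eq 0) {
            return $true
        }
        # Fail loudly instead of handing a half-configured certificate to the next step.
        if ($details.InError) {
            throw "Certificate '$CertificateId' failed at stage $($details.Stage): $($details.Status)"
        }
        if ((Get-Date) -ge $deadline) { return $false }   # still pending, give up
        Start-Sleep -Seconds $PollSec
    }
}

# Constructed stand-in for the server: pending on the first two polls, then done.
$script:polls = 0
$stub = {
    param($Id)
    $script:polls++
    if ($script:polls -lt 3) {
        $pending = [pscustomobject]@{ InError = $false; Stage = 0; Status = 'Processing (constructed)' }
        [pscustomobject]@{ ProcessingDetails = $pending }
    } else {
        [pscustomobject]@{ ProcessingDetails = $null }
    }
}

# Constructed certificate path; returns $true once the stub reports no pending work.
Wait-CertificateIssued -CertificateId '\VED\Policy\Certs\v1\Desktops\PC01' -PollSec 1 -Lookup $stub
```

Against a real server, drop -Lookup and call Get-TppCertificate only after the function returns $true; a $false result means the request was still pending when the timeout expired.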
