[英]Desired State Configuration HTTPS Doesn't Work
I've created a domain certificate for my DSC web pull server (issued by my internal CA) and retrieved the thumbprint. 我已经为我的DSC Web拉取服务器创建了域证书(由内部CA颁发),并检索了指纹。
I exported the certificate from inetmgr and installed it on the pull server (both local machine and user). 我从inetmgr导出了证书,并将其安装在拉式服务器(本地计算机和用户)上。
I then put the thumbprint in the script in the CertificateThumbprint parameter. 然后,将指纹放在CertificateThumbprint参数中的脚本中。
However when I re-run the config script to generate the new MOF and restart the DSC configuration, I can still only get to the site via http and not https. 但是,当我重新运行配置脚本以生成新的MOF并重新启动DSC配置时,我仍然只能通过http而不是https到达该站点。
When I try to navigate to the pull server site with https I get TLS warnings. 当我尝试使用https导航到请求服务器站点时,我收到TLS警告。 (I'm on Windows Server 2016, PS version 5.1)
(我使用的是Windows Server 2016,PS版本5.1)
Cheers 干杯
EDIT: 编辑:
Below is the script for generating the MOF with the thumbprint inside. 下面是生成带有指纹的MOF的脚本。
configuration CreatePullServer
{
param
(
[string[]]$ComputerName = 'localhost'
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node $ComputerName
{
WindowsFeature DSCServiceFeature
{
Ensure = "Present"
Name = "DSC-Service"
}
xDSCWebService PSDSCPullServer
{
Ensure = "Present"
EndpointName = "PSDSCPullServer"
AcceptSelfSignedCertificates = $true
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
CertificateThumbPrint = '881B26142BABAFEF7490FB1CD48EA1D572628087'
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = "Started"
UseSecurityBestPractices = $True
DependsOn = "[WindowsFeature]DSCServiceFeature"
}
xDscWebService PSDSCComplianceServer
{
Ensure = "Present"
EndpointName = "PSDSCComplianceServer"
Port = 9080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
CertificateThumbPrint = 'AllowUnencryptedTraffic'
State = "Started"
UseSecurityBestPractices = $True
DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
}
}
}
CreatePullServer -ComputerName pullsrv01 -verbose
And here is an image of the TLS message when I try to navigate to the https site 这是当我尝试导航到https站点时TLS消息的图像
我设法通过使用证书FYI在IIS中为PS DSC Pull Server站点添加站点绑定来解决此问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.