堆栈内存溢出
  简体   繁体   English

所需状态配置HTTPS不起作用

[英]Desired State Configuration HTTPS Doesn't Work

 原文  2017-04-11 08:19:02       powershell/ ssl/ dsc

问题描述

I've created a domain certificate for my DSC web pull server (issued by my internal CA) and retrieved the thumbprint. 我已经为我的DSC Web拉取服务器创建了域证书(由内部CA颁发),并检索了指纹。
I exported the certificate from inetmgr and installed it on the pull server (both local machine and user). 我从inetmgr导出了证书,并将其安装在拉式服务器(本地计算机和用户)上。
I then put the thumbprint in the script in the CertificateThumbprint parameter. 然后,将指纹放在CertificateThumbprint参数中的脚本中。

However when I re-run the config script to generate the new MOF and restart the DSC configuration, I can still only get to the site via http and not https. 但是,当我重新运行配置脚本以生成新的MOF并重新启动DSC配置时,我仍然只能通过http而不是https到达该站点。

When I try to navigate to the pull server site with https I get TLS warnings. 当我尝试使用https导航到请求服务器站点时,我收到TLS警告。 (I'm on Windows Server 2016, PS version 5.1) (我使用的是Windows Server 2016,PS版本5.1)

Cheers 干杯

EDIT: 编辑:

Below is the script for generating the MOF with the thumbprint inside. 下面是生成带有指纹的MOF的脚本。 

 configuration CreatePullServer
 {
 param
 (
 [string[]]$ComputerName = 'localhost'
 )

Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DscResource -ModuleName PSDesiredStateConfiguration

Node $ComputerName
{
WindowsFeature DSCServiceFeature
{
  Ensure = "Present"
  Name  = "DSC-Service"
}

xDSCWebService PSDSCPullServer
{
  Ensure         = "Present"
  EndpointName      = "PSDSCPullServer"
  AcceptSelfSignedCertificates = $true
  Port          = 8080
  PhysicalPath      = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
  CertificateThumbPrint  = '881B26142BABAFEF7490FB1CD48EA1D572628087'
  ModulePath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
  ConfigurationPath    = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
  State          = "Started"
  UseSecurityBestPractices = $True
  DependsOn        = "[WindowsFeature]DSCServiceFeature"
}

xDscWebService PSDSCComplianceServer
{
  Ensure         = "Present"
  EndpointName      = "PSDSCComplianceServer"
  Port          = 9080
  PhysicalPath      = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
  CertificateThumbPrint  = 'AllowUnencryptedTraffic'
  State          = "Started"
  UseSecurityBestPractices = $True
  DependsOn        = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
}

}

}

CreatePullServer -ComputerName pullsrv01 -verbose

And here is an image of the TLS message when I try to navigate to the https site 这是当我尝试导航到https站点时TLS消息的图像

1 个解决方案

解决方案1
 0 已采纳  2017-04-13 09:03:23

我设法通过使用证书FYI在IIS中为PS DSC Pull Server站点添加站点绑定来解决此问题。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 所需状态配置 - Desired state configuration 所需状态配置xWebsite - Desired State Configuration xWebsite DSC(所需状态配置) - DSC (Desired State Configuration) PowerShell所需的状态配置 - 如何 - PowerShell Desired State Configuration -WhatIf 对于所需状态配置文件资源,为什么凭据有效,而PsDscRunAsCredential不起作用? - For a Desired State Configuration File resource, why does Credential work, and PsDscRunAsCredential does not? 无法在所需状态配置中运行节点和脚本 - Unable to run Node and Script in Desired State Configuration 所需状态配置无法从脚本资源Get块获取哈希表 - Desired State Configuration can't get hash table from Script resource Get block 使用DSC(所需状态配置)安装Windows服务 - Install windows service using DSC (Desired State Configuration) 如何使用PowerShell所需状态配置升级Windows服务 - How to upgrade windows service using PowerShell Desired State Configuration 具有所需状态配置错误的SharePoint搜索服务设置 - SharePoint search service setup with desired state configuration error
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM