所需的状态配置HTTPS不起作用

时间:2017-04-11 08:19:03

标签: powershell ssl dsc

我为我的DSC网络拉取服务器(由我的内部CA发布)创建了一个域证书并检索了指纹。
我从inetmgr导出证书并将其安装在拉取服务器(本地机器和用户)上 然后我将指纹放在CertificateThumbprint参数的脚本中。

然而,当我重新运行配置脚本以生成新的MOF并重新启动DSC配置时,我仍然只能通过http而不是https访问该站点。

当我尝试使用https导航到拉服务器站点时,我收到了TLS警告。 (我在Windows Server 2016,PS版本5.1)

干杯

编辑:

下面是用于生成带有指纹的MOF的脚本。

 configuration CreatePullServer
 {
 param
 (
 [string[]]$ComputerName = 'localhost'
 )

Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DscResource -ModuleName PSDesiredStateConfiguration

Node $ComputerName
{
WindowsFeature DSCServiceFeature
{
  Ensure = "Present"
  Name  = "DSC-Service"
}

xDSCWebService PSDSCPullServer
{
  Ensure         = "Present"
  EndpointName      = "PSDSCPullServer"
  AcceptSelfSignedCertificates = $true
  Port          = 8080
  PhysicalPath      = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
  CertificateThumbPrint  = '881B26142BABAFEF7490FB1CD48EA1D572628087'
  ModulePath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
  ConfigurationPath    = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
  State          = "Started"
  UseSecurityBestPractices = $True
  DependsOn        = "[WindowsFeature]DSCServiceFeature"
}

xDscWebService PSDSCComplianceServer
{
  Ensure         = "Present"
  EndpointName      = "PSDSCComplianceServer"
  Port          = 9080
  PhysicalPath      = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
  CertificateThumbPrint  = 'AllowUnencryptedTraffic'
  State          = "Started"
  UseSecurityBestPractices = $True
  DependsOn        = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
}

}

}

CreatePullServer -ComputerName pullsrv01 -verbose

And here is an image of the TLS message when I try to navigate to the https site

1 个答案:

答案 0 :(得分:0)

我设法通过在IIS中为PS DSC Pull Server站点添加一个站点绑定来解决此问题,该站点绑定带有证书,仅供参考。