我为我的DSC网络拉取服务器(由我的内部CA发布)创建了一个域证书并检索了指纹。
我从inetmgr导出证书并将其安装在拉取服务器(本地机器和用户)上
然后我将指纹放在CertificateThumbprint参数的脚本中。
然而,当我重新运行配置脚本以生成新的MOF并重新启动DSC配置时,我仍然只能通过http而不是https访问该站点。
当我尝试使用https导航到拉服务器站点时,我收到了TLS警告。 (我在Windows Server 2016,PS版本5.1)
干杯
编辑:
下面是用于生成带有指纹的MOF的脚本。
configuration CreatePullServer
{
param
(
[string[]]$ComputerName = 'localhost'
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node $ComputerName
{
WindowsFeature DSCServiceFeature
{
Ensure = "Present"
Name = "DSC-Service"
}
xDSCWebService PSDSCPullServer
{
Ensure = "Present"
EndpointName = "PSDSCPullServer"
AcceptSelfSignedCertificates = $true
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
CertificateThumbPrint = '881B26142BABAFEF7490FB1CD48EA1D572628087'
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = "Started"
UseSecurityBestPractices = $True
DependsOn = "[WindowsFeature]DSCServiceFeature"
}
xDscWebService PSDSCComplianceServer
{
Ensure = "Present"
EndpointName = "PSDSCComplianceServer"
Port = 9080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
CertificateThumbPrint = 'AllowUnencryptedTraffic'
State = "Started"
UseSecurityBestPractices = $True
DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
}
}
}
CreatePullServer -ComputerName pullsrv01 -verbose
And here is an image of the TLS message when I try to navigate to the https site
答案 0 :(得分:0)
我设法通过在IIS中为PS DSC Pull Server站点添加一个站点绑定来解决此问题,该站点绑定带有证书,仅供参考。