所需的状态配置 HTTPS 不起作用
Desired State Configuration HTTPS Doesn't Work
我已经为我的 DSC 网络拉取服务器创建了域证书(由我的内部 CA 颁发)并检索了指纹。
我从 inetmgr 导出证书并将其安装在拉取服务器(本地计算机和用户)上。
然后,我将指纹放入脚本中的 CertificateThumbprint 参数中。
然而,当我重新运行配置脚本以生成新的 MOF 并重新启动 DSC 配置时,我仍然只能通过 http 而不是 https 访问该站点。
当我尝试使用 https 导航到拉取服务器站点时,我收到了 TLS 警告。
(我在 Windows Server 2016,PS 5.1 版)
干杯
编辑:
下面是生成带有指纹的 MOF 的脚本。
configuration CreatePullServer
{
param
(
[string[]]$ComputerName = 'localhost'
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node $ComputerName
{
WindowsFeature DSCServiceFeature
{
Ensure = "Present"
Name = "DSC-Service"
}
xDSCWebService PSDSCPullServer
{
Ensure = "Present"
EndpointName = "PSDSCPullServer"
AcceptSelfSignedCertificates = $true
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
CertificateThumbPrint = '881B26142BABAFEF7490FB1CD48EA1D572628087'
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = "Started"
UseSecurityBestPractices = $True
DependsOn = "[WindowsFeature]DSCServiceFeature"
}
xDscWebService PSDSCComplianceServer
{
Ensure = "Present"
EndpointName = "PSDSCComplianceServer"
Port = 9080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
CertificateThumbPrint = 'AllowUnencryptedTraffic'
State = "Started"
UseSecurityBestPractices = $True
DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
}
}
}
CreatePullServer -ComputerName pullsrv01 -verbose
And here is an image of the TLS message when I try to navigate to the https site
我设法通过在 IIS 中使用证书为 PS DSC Pull Server 站点添加站点绑定来解决此问题,仅供参考。
我已经为我的 DSC 网络拉取服务器创建了域证书(由我的内部 CA 颁发)并检索了指纹。
我从 inetmgr 导出证书并将其安装在拉取服务器(本地计算机和用户)上。
然后,我将指纹放入脚本中的 CertificateThumbprint 参数中。
然而,当我重新运行配置脚本以生成新的 MOF 并重新启动 DSC 配置时,我仍然只能通过 http 而不是 https 访问该站点。
当我尝试使用 https 导航到拉取服务器站点时,我收到了 TLS 警告。 (我在 Windows Server 2016,PS 5.1 版)
干杯
编辑:
下面是生成带有指纹的 MOF 的脚本。
configuration CreatePullServer
{
param
(
[string[]]$ComputerName = 'localhost'
)
Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DscResource -ModuleName PSDesiredStateConfiguration
Node $ComputerName
{
WindowsFeature DSCServiceFeature
{
Ensure = "Present"
Name = "DSC-Service"
}
xDSCWebService PSDSCPullServer
{
Ensure = "Present"
EndpointName = "PSDSCPullServer"
AcceptSelfSignedCertificates = $true
Port = 8080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
CertificateThumbPrint = '881B26142BABAFEF7490FB1CD48EA1D572628087'
ModulePath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
ConfigurationPath = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
State = "Started"
UseSecurityBestPractices = $True
DependsOn = "[WindowsFeature]DSCServiceFeature"
}
xDscWebService PSDSCComplianceServer
{
Ensure = "Present"
EndpointName = "PSDSCComplianceServer"
Port = 9080
PhysicalPath = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
CertificateThumbPrint = 'AllowUnencryptedTraffic'
State = "Started"
UseSecurityBestPractices = $True
DependsOn = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
}
}
}
CreatePullServer -ComputerName pullsrv01 -verbose
And here is an image of the TLS message when I try to navigate to the https site
我设法通过在 IIS 中使用证书为 PS DSC Pull Server 站点添加站点绑定来解决此问题,仅供参考。