Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SqlRS: Add SSL functionality #587

Open
johlju opened this issue May 27, 2017 · 3 comments · May be fixed by #1758
Open

SqlRS: Add SSL functionality #587

johlju opened this issue May 27, 2017 · 3 comments · May be fixed by #1758
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.

Comments

@johlju
Copy link
Member

johlju commented May 27, 2017
edited

Details of the scenario you tried and the problem that is occurring:
I suggest add SSL functionality to resource SqlRS.

The suggested change in issue #990 removing SqlRSSecureConnectionLevel and adding SecureConnectionLevel to the SqlRS resource will only change the value of property SecureConnectionLevel, it does not add new ports or bind a certificate to the configuration.

Articles.

How Certificate Bindings Are Stored
Using Secure Web Service Methods
ConfigurationSetting Method - SetSecureConnectionLevel
RsReportServer.config Configuration File

The DSC configuration that is using the resource (as detailed as possible):
n/a

Version of the Operating System, SQL Server and PowerShell the DSC Target Node is running:
n/a

What module (SqlServer or SQLPS) and which version of the module the DSC Target Node is running:
n/a

Version of the DSC module you're using, or 'dev' if you're using current dev branch:
Dev
@johlju johlju added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. labels May 27, 2017
This was referenced May 27, 2017
Closed
Closed
Closed
Closed
Closed
@johlju johlju changed the title xSQLServerRSConfig: Add SSL functionality (deprecate xSQLServerRSSecureConnectionLevel) SqlRS: Add SSL functionality (deprecate xSQLServerRSSecureConnectionLevel) Dec 24, 2017
@johlju
Copy link
Member Author

johlju commented Dec 30, 2017

More documentation for this issue:

ConfigurationSetting Method - CreateSSLCertificateBinding
ConfigurationSetting Method - ListSSLCertificateBindings
ConfigurationSetting Method - ListSSLCertificates

@johlju
Copy link
Member Author

johlju commented Dec 30, 2017
edited

@PlagueHO are you adding/creating a certificate to the AppVeyor build worker in any integration test in any of the resource modules? If so, maybe I can copy that?
I was thinking of using Let's encrypt but I thinking that one is not allowed to renew the certificate for each push. I did maybe 40 pushes today alone, that would mean 40 renews, unless we keep the certificate somewhere to download. But not sure how Let's encrypt work so have to look in to it. But if you already have a working solution then that would make things a lot easier.

@johlju johlju changed the title SqlRS: Add SSL functionality (deprecate xSQLServerRSSecureConnectionLevel) SqlRS: Add SSL functionality Jan 1, 2018
@johlju johlju mentioned this issue Jan 1, 2018
Closed
@SteveL-MSFT SteveL-MSFT added this to Help Wanted in powershell/dscresources May 14, 2019
@SteveL-MSFT SteveL-MSFT removed this from Help Wanted in powershell/dscresources Nov 27, 2019
@randomnote1 randomnote1 linked a pull request Jun 17, 2022 that will close this issue
Open
9 tasks
@randomnote1
Copy link
Contributor

randomnote1 commented Jun 20, 2022
edited

@johlju, in thinking this one through, I think we have two options.

  1. Pass in a hashtable (or PSObject) for each application (ReportServerWebService, ReportServerWebApp, PowerBIWebApp) which contains the following properties:
    • Application
    • CertificateHash (Thumbprint)
    • IPAddress (0.0.0.0 will bind to all IP addresses)
    • Port
  2. Supply the following properties and they will be applied to all of the applications
    • HttpsCertificateThumbprint
    • HttpsIPAddress (default 0.0.0.0)
    • HttpsPort (default 443)

I think I like the 2nd option better for simplicity, but the first option allows more flexibility even though it will be more difficult to use. Thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

SQLRS: Various improvements randomnote1/SqlServerDsc
2 participants
@johlju @randomnote1