Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Allow xWebService to select Certificate to use for SSL via Subject Name #205

Closed
PlagueHO opened this issue Aug 23, 2016 · 2 comments
Closed

Feature: Allow xWebService to select Certificate to use for SSL via Subject Name #205

PlagueHO opened this issue Aug 23, 2016 · 2 comments
Labels
enhancement The issue is an enhancement request.

Comments

@PlagueHO
Copy link
Member

This would allow configurations to be created that would use the xCertificate/xCertReq DSC resource to request the certificate to use from a CA and then the DSC Pull Server could locate and consume the certificate.

At the moment there has to be a semi manual process for getting the certificate onto the DSC Pull Server and assigning the thumbprint.

This would require making the CertificateThumbPrint parameter optional and adding a certificate subject parameter.

This would allow the following configuration (:

Import-DSCResource -ModuleName xPSDesiredStateConfiguration
Import-DSCResource -ModuleName xCertificate

Node $NodeName
{
     WindowsFeature DSCServiceFeature 
     { 
         Ensure = 'Present'
         Name   = 'DSC-Service'             
     } 

    xCertReq DSCSSLCert
    {
        CARootName                = 'ca01-contoso-ca'
        CAServerFQDN              = 'ca01.contoso.com'
        Subject                   = 'dsc.contso.com'
        AutoRenew                 = $true
        Credential                = $Credential
        DependsOn               = '[WindowsFeature]DSCServiceFeature'
    }

     xDscWebService PSDSCPullServer 
     { 
         Ensure                  = 'Present' 
         EndpointName            = 'PSDSCPullServer' 
         Port                    = 8080 
         PhysicalPath            = "$env:SystemDrive\inetpub\PSDSCPullServer" 
         CertificateSubject   = "dsc.contso.com"
         ModulePath              = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules" 
         ConfigurationPath       = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration" 
         State                   = 'Started'
         DependsOn               = '[xCertReq]DSCSSLCert'                         
     } 
}
@kwirkykat kwirkykat added enhancement The issue is an enhancement request. help wanted The issue is up for grabs for anyone in the community. labels Aug 24, 2016
@rcarpenter79
Copy link
Contributor

Is this still wanted?

I recently ran in to this problem and added this feature for my own use.
I found this issue after I had started my change.

@rcarpenter79 rcarpenter79 mentioned this issue Dec 7, 2017
Merged
@johlju
Copy link
Member

johlju commented May 14, 2018

@rcarpenter79 Are you interested to send in a pull request with your change?

@johlju johlju added in progress The issue is being actively worked on by someone. and removed help wanted The issue is up for grabs for anyone in the community. labels May 22, 2018
johlju pushed a commit that referenced this issue May 24, 2018
@rcarpenter79 @johlju
Added CertificateSubject feature to xDSCWebService DSC Resource (#379)
169a2ba 
- Changes to xDSCWebService
  - Added the option to use a certificate based on it's subject and template name
    instead of it's thumbprint (issue #205).
  - xDSCWebService: Fixed an issue where Test-WebConfigModulesSetting would
    return $true when web.config contains a module and the desired state was for
    it to be absent (issue #418).
@johlju johlju removed the in progress The issue is being actively worked on by someone. label May 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement The issue is an enhancement request.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kwirkykat @johlju @PlagueHO @rcarpenter79