I've created a domain certificate for my DSC web pull server (issued by my internal CA) and retrieved the thumbprint.
I exported the certificate from inetmgr and installed it on the pull server (both local machine and user).
I then put the thumbprint in the script in the CertificateThumbprint parameter.
However, when I re-run the config script to generate the new MOF and restart the DSC configuration, I can still only get to the site via http and not https.
When I try to navigate to the pull server site with https I get TLS warnings. (I'm on Windows Server 2016, PS version 5.1)
Cheers
EDIT:
Below is the script for generating the MOF with the thumbprint inside.

    configuration CreatePullServer
    {
        param
        (
            [string[]]$ComputerName = 'localhost'
        )

        Import-DscResource -ModuleName xPSDesiredStateConfiguration
        Import-DscResource -ModuleName PSDesiredStateConfiguration

        Node $ComputerName
        {
            # Install the DSC service Windows feature
            WindowsFeature DSCServiceFeature
            {
                Ensure = "Present"
                Name   = "DSC-Service"
            }

            # Pull server endpoint, configured with the certificate thumbprint
            xDSCWebService PSDSCPullServer
            {
                Ensure                       = "Present"
                EndpointName                 = "PSDSCPullServer"
                AcceptSelfSignedCertificates = $true
                Port                         = 8080
                PhysicalPath                 = "$env:SystemDrive\inetpub\wwwroot\PSDSCPullServer"
                CertificateThumbPrint        = '881B26142BABAFEF7490FB1CD48EA1D572628087'
                ModulePath                   = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Modules"
                ConfigurationPath            = "$env:PROGRAMFILES\WindowsPowerShell\DscService\Configuration"
                State                        = "Started"
                UseSecurityBestPractices     = $True
                DependsOn                    = "[WindowsFeature]DSCServiceFeature"
            }

            # Compliance server endpoint, configured without a certificate
            xDscWebService PSDSCComplianceServer
            {
                Ensure                   = "Present"
                EndpointName             = "PSDSCComplianceServer"
                Port                     = 9080
                PhysicalPath             = "$env:SystemDrive\inetpub\wwwroot\PSDSCComplianceServer"
                CertificateThumbPrint    = 'AllowUnencryptedTraffic'
                State                    = "Started"
                UseSecurityBestPractices = $True
                DependsOn                = ("[WindowsFeature]DSCServiceFeature","[xDSCWebService]PSDSCPullServer")
            }
        }
    }

    CreatePullServer -ComputerName pullsrv01 -verbose

And here is an image of the TLS message when I try to navigate to the https site
I managed to resolve this issue by adding a site binding for the PS DSC Pull Server site in IIS with the certificate, FYI.
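
A check for the state described in this post, as an added example that is not part of the original post: it verifies the certificate in the machine store, lists the site's IIS bindings, and reports whether an https binding carries the thumbprint. The site name (taken from EndpointName) and the `$fix` switch are assumptions; the thumbprint and port come from the configuration above.

```powershell
# Added example. Assumes an elevated session on the pull server with the
# WebAdministration module (installed with the IIS management tools).
Import-Module WebAdministration

$thumbprint = '881B26142BABAFEF7490FB1CD48EA1D572628087'  # from the configuration above
$siteName   = 'PSDSCPullServer'  # assumption: IIS site named after EndpointName
$port       = 8080               # Port from the configuration above
$fix        = $false             # set to $true to add the binding and attach the certificate

# 1. The certificate must sit in the machine store, unexpired, with its private key.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert)               { throw "Certificate $thumbprint not found in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate was imported without its private key' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

# 2. An empty EKU list means any purpose; otherwise Server Authentication is required.
$eku = @($cert.EnhancedKeyUsageList | Where-Object { $_ })
if ($eku.Count -gt 0 -and $eku.ObjectId -notcontains '1.3.6.1.5.5.7.3.1') {
    throw 'Certificate lacks the Server Authentication EKU (1.3.6.1.5.5.7.3.1)'
}

# 3. Show what the site is actually bound to.
Get-WebBinding -Name $siteName |
    Select-Object protocol, bindingInformation, certificateHash | Format-Table -AutoSize

$https = Get-WebBinding -Name $siteName -Protocol https -Port $port
if (-not $https) {
    Write-Warning "Site '$siteName' has no https binding on port $port"
    if ($fix) {
        # An http binding on the same port conflicts with it; remove that one first.
        New-WebBinding -Name $siteName -Protocol https -Port $port -IPAddress '*'
        $https = Get-WebBinding -Name $siteName -Protocol https -Port $port
    }
}
if ($https -and $https.certificateHash -ne $thumbprint) {
    Write-Warning "https binding does not use certificate $thumbprint"
    if ($fix) { $https.AddSslCertificate($thumbprint, 'My') }
}

# 4. Confirm what HTTP.sys will present on that port.
netsh http show sslcert "ipport=0.0.0.0:$port"
```

With `$fix` left at `$false` the script only reports; nothing in IIS is changed.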