Add missing support for -CertValidityDays (#21009)

* Add missing support for -CertValidityDays

For some reason the -CertValidityDays option was not being used in the certificates we created.

This fixes #10439

* Possible fix

* We cannot use New-SelfSignedCertificate on 2012R2 and earlier

As suggested by @jhawkesworth
Dag Wieers 2017-02-06 09:14:42 +01:00 committed by John R Barker
parent 6355c5cafa
commit 6de1f22c15


@ -197,27 +197,20 @@ Else
$listeners = Get-ChildItem WSMan:\localhost\Listener $listeners = Get-ChildItem WSMan:\localhost\Listener
If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"})) If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
{ {
# HTTPS-based endpoint does not exist. # We cannot use New-SelfSignedCertificate on 2012R2 and earlier
If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue) $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays
{ Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"
$cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
$thumbprint = $cert.Thumbprint
Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"
}
Else
{
$thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
Write-HostLog "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
}
# Create the hashtables of settings to be used. # Create the hashtables of settings to be used.
$valueset = @{} $valueset = @{
$valueset.Add('Hostname', $SubjectName) Hostname = $SubjectName
$valueset.Add('CertificateThumbprint', $thumbprint) CertificateThumbprint = $thumbprint
}
$selectorset = @{} $selectorset = @{
$selectorset.Add('Transport', 'HTTPS') Transport = "HTTPS"
$selectorset.Add('Address', '*') Address = "*"
}
Write-Verbose "Enabling SSL listener." Write-Verbose "Enabling SSL listener."
New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
@ -231,27 +224,20 @@ Else
If ($ForceNewSSLCert) If ($ForceNewSSLCert)
{ {
# Create the new cert. # We cannot use New-SelfSignedCertificate on 2012R2 and earlier
If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue) $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays
{ Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"
$cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
$thumbprint = $cert.Thumbprint
Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"
}
Else
{
$thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
Write-HostLog "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
}
$valueset = @{} $valueset = @{
$valueset.Add('Hostname', $SubjectName) CertificateThumbprint = $thumbprint
$valueset.Add('CertificateThumbprint', $thumbprint) Hostname = $SubjectName
}
# Delete the listener for SSL # Delete the listener for SSL
$selectorset = @{} $selectorset = @{
$selectorset.Add('Transport', 'HTTPS') Address = "*"
$selectorset.Add('Address', '*') Transport = "HTTPS"
}
Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset
# Add new Listener with new SSL cert # Add new Listener with new SSL cert
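Review bot: In the `If ($ForceNewSSLCert)` branch, `$thumbprint` is used without a check, so if `New-LegacySelfSignedCert` fails or returns nothing, `Remove-WSManInstance` still deletes the existing HTTPS listener and the re-creation that follows presumably fails, leaving the host with no HTTPS listener. A guard before the removal would keep the working listener, for example `If (-not $thumbprint) { Throw "Self-signed certificate generation failed; existing HTTPS listener left in place." }`; the same check fits after the call in the first hunk, before `New-WSManInstance`. With the `New-SelfSignedCertificate` path removed, every host now gets its certificate from `New-LegacySelfSignedCert`, so the key size and hash algorithm set inside that function (not shown here) are worth confirming. A lower bound on `$CertValidityDays` is also worth confirming where the parameter is declared, since a zero or negative value would presumably produce an already-expired certificate. The enclosing `Else` block starts before the first hunk and the listener re-creation continues past the last visible line.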