author | Dag Wieers <dag@wieers.com> | 2017-02-06 09:14:42 +0100 |
---|---|---|
committer | John R Barker <john@johnrbarker.com> | 2017-02-06 09:14:42 +0100 |
commit | 6de1f22c15cd691ef44cf85d4702786ebd738ec3 (patch) | |
tree | 9406450552fa324f5d3361aba670e19dafd6659e | |
parent | Updated CHANGELOG.md with previous bits (#20973) (diff) | |
Add missing support for -CertValidityDays (#21009)
* Add missing support for -CertValidityDays
For some reason the -CertValidityDays option was not being used in the certificates we created.
This fixes #10439
* Possible fix
* We cannot use New-SelfSignedCertificate on 2012R2 and earlier
As suggested by @jhawkesworth
-rw-r--r-- | examples/scripts/ConfigureRemotingForAnsible.ps1 | 58 |
1 files changed, 22 insertions, 36 deletions
diff --git a/examples/scripts/ConfigureRemotingForAnsible.ps1 b/examples/scripts/ConfigureRemotingForAnsible.ps1
index e8998d1d2e..2cdb99773c 100644
--- a/examples/scripts/ConfigureRemotingForAnsible.ps1
+++ b/examples/scripts/ConfigureRemotingForAnsible.ps1
@@ -197,27 +197,20 @@ Else
 $listeners = Get-ChildItem WSMan:\localhost\Listener
 If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
 {
- # HTTPS-based endpoint does not exist.
- If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
- {
- $cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
- $thumbprint = $cert.Thumbprint
- Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"
- }
- Else
- {
- $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
- Write-HostLog "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
- }
+ # We cannot use New-SelfSignedCertificate on 2012R2 and earlier
+ $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays
+ Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"
 # Create the hashtables of settings to be used.
- $valueset = @{}
- $valueset.Add('Hostname', $SubjectName)
- $valueset.Add('CertificateThumbprint', $thumbprint)
+ $valueset = @{
+ Hostname = $SubjectName
+ CertificateThumbprint = $thumbprint
+ }
- $selectorset = @{}
- $selectorset.Add('Transport', 'HTTPS')
- $selectorset.Add('Address', '*')
+ $selectorset = @{
+ Transport = "HTTPS"
+ Address = "*"
+ }
 Write-Verbose "Enabling SSL listener."
 New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
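Review bot: The thumbprint returned by `New-LegacySelfSignedCert` goes straight into `$valueset` and on to `New-WSManInstance` with no check that a certificate was actually created, and the helper's failure behaviour is not visible in this hunk. Now that this is the only generation path, a guard before the hashtables such as `If (-not $thumbprint) { Throw "Unable to generate a self-signed certificate for $SubjectName" }` would stop the script from trying to bind an HTTPS listener to an empty thumbprint. The same three lines are repeated in the `$ForceNewSSLCert` hunk and would need the same guard. `$CertValidityDays` is declared outside the hunk, so whether it is range-checked cannot be confirmed here; a zero or negative value would presumably yield an already-expired certificate. The enclosing `If` block continues past the last line of the hunk.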
@@ -231,27 +224,20 @@ Else
 If ($ForceNewSSLCert)
 {
- # Create the new cert.
- If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
- {
- $cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
- $thumbprint = $cert.Thumbprint
- Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"
- }
- Else
- {
- $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
- Write-HostLog "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
- }
+ # We cannot use New-SelfSignedCertificate on 2012R2 and earlier
+ $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays
+ Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint"
- $valueset = @{}
- $valueset.Add('Hostname', $SubjectName)
- $valueset.Add('CertificateThumbprint', $thumbprint)
+ $valueset = @{
+ CertificateThumbprint = $thumbprint
+ Hostname = $SubjectName
+ }
 # Delete the listener for SSL
- $selectorset = @{}
- $selectorset.Add('Transport', 'HTTPS')
- $selectorset.Add('Address', '*')
+ $selectorset = @{
+ Address = "*"
+ Transport = "HTTPS"
+ }
 Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset
 # Add new Listener with new SSL cert |
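Review bot: In the `$ForceNewSSLCert` branch a fresh certificate is generated on every run and the listener is re-pointed at it, but nothing visible here retires the certificate the old listener was bound to, so each forced run appears to leave another self-signed certificate and private key in the machine store. I would at least document that next to the generation call, e.g. `# NOTE: the certificate previously bound to the HTTPS listener is not removed; clean up stale self-signed certs after rotation`. A second comment is worth adding at `Remove-WSManInstance`: the listener is deleted before its replacement is created, so a failure in the add step (outside this hunk) would leave the host with no HTTPS listener. The branch continues past the last line shown.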