基于Powershell DSC的SSL证书管理

Question

我有一个第三方颁发的证书，我需要确保在一个给定域中的所有目标上运行。是否有办法确保此证书是通过DSC安装的？

Answer 1

目前还没有内置的方式来做这在DSC。我为我的组织编写了一个自定义资源，该资源从PFX安装证书。我使用了Cert: PSDrive、Import-PfxCertificate cmdlet和差示扫描量热法中的安全凭证 (用于PFX密码)。

更新

这现在是在微软的资源现场！xPfxImport资源在xCertificate模块v1.1中(可能更晚一些)。

也在我自己的博客上写过。

再次感谢您的鼓励(特别是杰斯科特)。

Answer 2

如何使用组策略将证书部署到域？http://technet.microsoft.com/en-us/library/cc770315%28v=ws.10%29.aspx

使用组策略部署证书

Open Group Policy Management Console.

Find an existing or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit whose users you want affected by the policy.

Right-click the GPO, and then select Edit.

Group Policy Management Editor opens, and displays the current contents of the policy object.

In the navigation pane, open Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers.

Click the Action menu, and then click Import.

Follow the instructions in the Certificate Import Wizard to find and import the certificate.

If the certificate is self-signed, and cannot be traced back to a certificate that is in the Trusted Root Certification Authorities certificate store, then you must also copy the certificate to that store. In the navigation pane, click Trusted Root Certification Authorities, and then repeat steps 5 and 6 to install a copy of the certificate to that store.