Consider supporting a .cer SSL Certificate without a password #169
Comments
|
For reference... If a .cer file is specified, the PSDSC configure will generate a new self-signed certificate with the specified alias and assign that to the IIS 443 bindings:
All PSDSC messaging and logs indicate that the Install, License, and Configure for a base deployment is successful - IIS + (2) Web-adaptors, Portal, Server, Datastore. We then go in and manually upload the .cer and re-assign the binding the the trusted certificate file so that clients do not receive an SSL cert error. Thanks. |
|
Perhaps also/even support configurations to refer certificates directly from cloud keyvaults? The option exists in ArcGIS CB but seems not to work. Saving the artifacts gives error
and deployment fails to error Deployment Error:- Could not find a part of the path 'C:\Users\xxxxxxx\AppData\Local\Temp\ea2fa619752a4b1394856006d064691b\AGBaseproperties.json' as the folder doesn't exists. If I change the template to read the SSL from file - no problem. So the issue must be how keyvault are handled. Deployment user is the owner of the keyvault. |
|
Hello @pfoppe, With v4.0.1, there is a new attribute, ConfigData.WebAdaptor.OverrideHTTPSBinding. Set this to false, so that the existing ssl certificate in the IIS 443 binding will not be replaced. When SslCertificates.Target is set to
Thanks, |
Our agency Certificate Authority currently provides .cer SSL certificates without a password. Unfortunately it seems that the arcgis powershell module has multiple checks for an SSL certificate password and if the password is not set then the module generates a self-signed certificate. We then have to fix the IIS SSL Certificate after the InstallLicenceConfigure.
Thanks for the consideration.
The text was updated successfully, but these errors were encountered: