authorCryptophobia <Anton.Ouzounov@careerbuilder.com>2016-04-13 18:02:55 -0400
committerCryptophobia <Anton.Ouzounov@careerbuilder.com>2016-04-13 18:02:55 -0400
commit76a519fddc841727336eb0a25fbb72e4e721d279 (patch)
tree20980e06e9b5f7ad7f25bb5772194c19cf5e0237 /examples
parent81a4df620608c7e18c98c6de4f625b3aa72181a2 (diff)
Update to ConfigureRemotingForAnsible.ps1
Diffstat (limited to 'examples')
-rw-r--r--examples/scripts/ConfigureRemotingForAnsible.ps139
1 files changed, 38 insertions, 1 deletions
diff --git a/examples/scripts/ConfigureRemotingForAnsible.ps1 b/examples/scripts/ConfigureRemotingForAnsible.ps1
index e7c71352f5..e23a60b721 100644
--- a/examples/scripts/ConfigureRemotingForAnsible.ps1
+++ b/examples/scripts/ConfigureRemotingForAnsible.ps1
@@ -12,19 +12,26 @@
# DOMAIN or PRIVATE zones. Provide this switch if you want to enable winrm on
# a device with an interface in PUBLIC zone.
#
+# Set $ForceNewSSLCert if the system has been syspreped and a new SSL Cert
+# must be forced on the WinRM Listener when re-running this script. This
+# is necessary when a new SID and CN name is created.
+#
# Written by Trond Hindenes <trond@hindenes.com>
# Updated by Chris Church <cchurch@ansible.com>
# Updated by Michael Crilly <mike@autologic.cm>
+# Updated by Anton Ouzounov <Anton.Ouzounov@careerbuilder.com>
#
# Version 1.0 - July 6th, 2014
# Version 1.1 - November 11th, 2014
# Version 1.2 - May 15th, 2015
+# Version 1.3 - April 4th, 2016
Param (
[string]$SubjectName = $env:COMPUTERNAME,
[int]$CertValidityDays = 365,
[switch]$SkipNetworkProfileCheck,
- $CreateSelfSignedCert = $true
+ $CreateSelfSignedCert = $true,
+ [switch]$ForceNewSSLCert
)
Function New-LegacySelfSignedCert
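Review bot: The header comment for `$ForceNewSSLCert` leaves out what the switch actually does to the host. As the second hunk shows, it only takes effect when an HTTPS listener already exists, and it deletes and re-creates that listener. I would state this in the comment, for example `# Only applies when an HTTPS listener already exists; that listener is removed and re-created with a new self-signed cert.` The spelling `syspreped` should be `sysprepped`.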
@@ -147,6 +154,36 @@ If (!($listeners | Where {$_.Keys -like "TRANSPORT=HTTPS"}))
Else
{
Write-Verbose "SSL listener is already active."
+
+ # Force a new SSL cert on Listener if the $ForceNewSSLCert
+ if($ForceNewSSLCert){
+
+ # Create the new cert.
+ If (Get-Command "New-SelfSignedCertificate" -ErrorAction SilentlyContinue)
+ {
+ $cert = New-SelfSignedCertificate -DnsName $SubjectName -CertStoreLocation "Cert:\LocalMachine\My"
+ $thumbprint = $cert.Thumbprint
+ Write-Host "Self-signed SSL certificate generated; thumbprint: $thumbprint"
+ }
+ Else
+ {
+ $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName
+ Write-Host "(Legacy) Self-signed SSL certificate generated; thumbprint: $thumbprint"
+ }
+
+ $valueset = @{}
+ $valueset.Add('Hostname', $SubjectName)
+ $valueset.Add('CertificateThumbprint', $thumbprint)
+
+ # Delete the listener for SSL
+ $selectorset = @{}
+ $selectorset.Add('Transport', 'HTTPS')
+ $selectorset.Add('Address', '*')
+ Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset
+
+ # Add new Listener with new SSL cert
+ New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset
+ }
}
# Check for basic authentication.
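Review bot: If `New-WSManInstance` fails after `Remove-WSManInstance` has succeeded, the host is left with no HTTPS listener, and nothing in this branch catches or reports that. Updating the listener in place avoids the gap: `Set-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset`. The previous certificate and its private key also stay in `Cert:\LocalMachine\My`; on a sysprepped clone that is presumably the key shared with the source image. Reading the old `CertificateThumbprint` from the listener before the swap and deleting that certificate afterwards would close this. The enclosing `If`/`Else` starts outside the hunk, so whether `$CreateSelfSignedCert` and `$CertValidityDays` should also be honoured here needs checking against the first branch.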