NickolajA / ConfigMgrWebService


[Request] HTTPS Support #16

Closed Ioan-Popovici closed 4 years ago

Ioan-Popovici commented 5 years ago

Hi Nicolaj,

First of all, great job on this web service it has been of tremendous value to us.

As a requirement from our security team, we tried to make the web service run on HTTPS, without success. Are there any special requirements for the web service to support HTTPS?

Thanks Ioan

Yevrag35 commented 5 years ago

It works with SSL as far as I've seen. However, in order for a client that's imaging to trust the web service, it would need one of these 3 things:

  1. The web service binding uses a publicly-signed certificate,
  2. Install the root CA or the self-signed cert into the machine's trusted certificate store during imaging.
  3. Write custom PowerShell code to tell .NET to ignore certificate errors.

Naturesong commented 4 years ago

Hi, this is a bit old now, but others may come across this thread. I'm working with similar requirements in my environment. The web service is set to listen on HTTPS only, and the server will only respond on TLS 1.2.

The following are also true:

  1. The Web Service uses a signed trusted cert from our CA
  2. All our workstations also have signed trusted certs from our CA

In addition, I had to amend some of the scripts calling the web service.

  1. In WinPE, ignore cert errors (I believe the alternative is to request a cert from the CA every time WinPE loads - if I'm wrong and there is an easy way, please let me know):

    # Returns $true when running inside WinPE (the MiniNT registry key only exists there)
    function Test-WinPE { return Test-Path -Path Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT }

    # In WinPE, accept any server certificate (no enterprise root CA is present there)
    If (Test-WinPE) { [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true } }

Yes, this is a kludge, and yes I am being lazy.

  2. Prior to creation of the $WebService object ($WebService = New-WebServiceProxy -Uri $URI -ErrorAction Stop), I've added the following to enforce the call using TLS.12:
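As an added example (not code from the issue author or from the ConfigMgrWebService project), the following PowerShell combines the two steps above: it forces TLS 1.2 before the proxy is created and, in WinPE only, replaces the blanket `{ $true }` callback with one that accepts just the expected server certificate by thumbprint. The URI and the thumbprint are placeholders to replace with your own values.

```powershell
# Added example: TLS 1.2 enforcement plus thumbprint pinning in WinPE.
# $Uri and $ExpectedThumbprint are placeholders (assumptions), not values from the issue.

function Test-WinPE {
    # WinPE exposes the MiniNT key; a full Windows install does not
    return Test-Path -Path 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MiniNT'
}

function Initialize-WebServiceTls {
    param(
        # SHA-1 thumbprint of the certificate bound to the web service (hex, no spaces)
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    # Force TLS 1.2 for all outgoing .NET connections in this session
    [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

    if (Test-WinPE) {
        # WinPE lacks the enterprise root CA, so normal chain validation fails.
        # Rather than trusting every certificate, trust only the one we expect.
        $pinned = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()

        # GetNewClosure() captures $pinned so it is still available when .NET
        # invokes the callback after this function has returned.
        $callback = {
            param($sender, $certificate, $chain, $sslPolicyErrors)
            # A certificate that already chains to a trusted root passes as usual
            if ($sslPolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None) { return $true }
            # Otherwise accept only the pinned certificate; GetCertHashString() is the SHA-1 thumbprint
            return ($certificate.GetCertHashString().ToUpperInvariant() -eq $pinned)
        }.GetNewClosure()

        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = $callback
    }
}

# Usage with placeholder values (replace both before use)
Initialize-WebServiceTls -ExpectedThumbprint 'REPLACE_WITH_SERVICE_CERT_THUMBPRINT'
$Uri = 'https://configmgr-webservice.example.local/ConfigMgrWebService.asmx'
$WebService = New-WebServiceProxy -Uri $Uri -ErrorAction Stop
```

Outside WinPE the callback is never installed, so full Windows clients keep standard chain validation against the CA that issued the service certificate.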

NickolajA commented 4 years ago

I'll close this issue, as it has already been answered very well by others.