Closed ccpyle closed 1 year ago
Digging through code a bit, I see parameters "CertificateDnsName", "SigningCertificateDnsName" and "DecryptionCertificateDnsName". Could this already be implemented and just be a missing portion of the Wiki?
Hi @ccpyle, the ADFSFarm resource was updated in PR #48 to discover the certificates at runtime and released with v1.3.0 of the module. You can see an example here. I have updated the Wiki.
Fantastic!! Thanks for pointing me in the right direction @X-Guardian. Apologies for a duplicate enhancement request.
Details of the scenario you tried and the problem that is occurring
Working to fully automate an ADFS deployment, but with a static thumbprint the MOF must be recompiled any time the certificate changes. Full automation includes the request of a certificate for the ADFS server, so the thumbprint is not known until DSC applies.
Verbose logs showing the problem
Suggested solution to the issue
Remove thumbprint parameter in favor of a CommonName parameter. Find the latest certificate in the computer store with the matching CN and apply that certificate.
The DSC configuration that is used to reproduce the issue (as detailed as possible)
The operating system the target node is running
Windows Server 2022
OsName : Microsoft Windows Server 2022 Standard Evaluation
OsOperatingSystemSKU : 79
OsArchitecture : 64-bit
WindowsVersion : 2009
WindowsBuildLabEx : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage : en-US
OsMuiLanguages : {en-US}
Version and build of PowerShell the target node is running
PSVersion 5.1.20348.1366
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.20348.1366
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
Version of the DSC module that was used
v1.3
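
The selection described under "Suggested solution to the issue" (latest certificate in the computer store with a matching CN), written out as an added example; it is not code from the issue or from the module, and it is not how the module's own runtime discovery is implemented. The function name `Select-LatestCertificateByCommonName`, its parameters and the name `fs.contoso.com` are hypothetical.

```powershell
# Added example: hypothetical helper, not part of the DSC module discussed above.
function Select-LatestCertificateByCommonName {
    [CmdletBinding()]
    [OutputType([System.Security.Cryptography.X509Certificates.X509Certificate2])]
    param (
        [Parameter(Mandatory = $true)]
        [string] $CommonName,

        # Defaults to the computer's personal store; any collection of
        # certificates can be passed instead, for example when testing.
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
        $Certificate = (Get-ChildItem -Path 'Cert:\LocalMachine\My'),

        # Reference time for the validity check (overridable for testing).
        [datetime] $Now = (Get-Date)
    )

    $simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    $candidates = @($Certificate | Where-Object {
        $null -ne $_ -and
        # Exact CN comparison rather than a substring match on Subject, so a
        # certificate whose CN merely contains the requested name is not selected.
        $_.GetNameInfo($simpleName, $false) -eq $CommonName -and
        # Usable only if this machine holds the private key.
        $_.HasPrivateKey -and
        # Skip certificates that are not yet valid or already expired.
        $_.NotBefore -le $Now -and
        $_.NotAfter -gt $Now
    })

    if ($candidates.Count -eq 0) {
        throw "No currently valid certificate with a private key and CN '$CommonName' was found."
    }

    # "Latest" is taken to mean the most recently issued certificate that is valid now.
    $candidates | Sort-Object -Property NotBefore -Descending | Select-Object -First 1
}

# Usage (constructed name):
#   (Select-LatestCertificateByCommonName -CommonName 'fs.contoso.com').Thumbprint
```

Resolving the thumbprint on the node at apply time keeps it out of the compiled MOF, which is the recompilation problem the issue describes.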