我拥有第三方颁发的证书,需要确保该证书在给定域中的所有目标上运行。有没有办法确保通过 DSC 安装此证书?
答案1
目前 DSC 中没有内置方法可以执行此操作。我为我的组织编写了一个自定义资源,用于从 PFX 安装证书。我使用了 PSDrive Cert:、Import-PfxCertificatecmdlet 和DSC 中的安全凭据(用于 PFX 密码)。
更新
这现已在 Microsoft 资源中上线!xPfxImport资源位于xCertificate模块 v1.1(并且稍后可能)。
再次感谢你的鼓励(尤其是杰斯科特)。
答案2
如何使用组策略将证书部署到域?http://technet.microsoft.com/en-us/library/cc770315%28v=ws.10%29.aspx
使用组策略部署证书
Open Group Policy Management Console.
Find an existing or create a new GPO to contain the certificate settings. Ensure that the GPO is associated with the domain, site, or organizational unit whose users you want affected by the policy.
Right-click the GPO, and then select Edit.
Group Policy Management Editor opens, and displays the current contents of the policy object.
In the navigation pane, open Computer Configuration\Windows Settings\Security Settings\Public Key Policies\Trusted Publishers.
Click the Action menu, and then click Import.
Follow the instructions in the Certificate Import Wizard to find and import the certificate.
If the certificate is self-signed, and cannot be traced back to a certificate that is in the Trusted Root Certification Authorities certificate store, then you must also copy the certificate to that store. In the navigation pane, click Trusted Root Certification Authorities, and then repeat steps 5 and 6 to install a copy of the certificate to that store.