dsccommunity/SqlServerDsc

SqlRS: Add SSL functionality

johlju opened this issue · 3 comments

Details of the scenario you tried and the problem that is occurring:
I suggest adding SSL functionality to resource SqlRS.

The suggested change in issue #990, removing SqlRSSecureConnectionLevel and adding SecureConnectionLevel to the SqlRS resource, will only change the value of property SecureConnectionLevel; it does not add new ports or bind a certificate to the configuration.

Articles.

How Certificate Bindings Are Stored
Using Secure Web Service Methods
ConfigurationSetting Method - SetSecureConnectionLevel
RsReportServer.config Configuration File

The DSC configuration that is using the resource (as detailed as possible):
n/a

Version of the Operating System, SQL Server and PowerShell the DSC Target Node is running:
n/a

What module (SqlServer or SQLPS) and which version of the module the DSC Target Node is running:
n/a

Version of the DSC module you're using, or 'dev' if you're using current dev branch:
Dev

@PlagueHO are you adding/creating a certificate to the AppVeyor build worker in any integration test in any of the resource modules? If so, maybe I can copy that?
I was thinking of using Let's Encrypt, but I'm thinking that one is not allowed to renew the certificate for each push. I did maybe 40 pushes today alone; that would mean 40 renews, unless we keep the certificate somewhere to download. But I'm not sure how Let's Encrypt works, so I have to look into it. But if you already have a working solution then that would make things a lot easier.

@johlju, in thinking this one through, I think we have two options.

  1. Pass in a hashtable (or PSObject) for each application (ReportServerWebService, ReportServerWebApp, PowerBIWebApp) which contains the following properties:
    • Application
    • CertificateHash (Thumbprint)
    • IPAddress (0.0.0.0 will bind to all IP addresses)
    • Port
  2. Supply the following properties and they will be applied to all of the applications
    • HttpsCertificateThumbprint
    • HttpsIPAddress (default 0.0.0.0)
    • HttpsPort (default 443)

I think I like the 2nd option better for simplicity, but the first option allows more flexibility even though it will be more difficult to use. Thoughts?
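
The two options from the comment above, sketched as an added example (not code from this thread or from SqlServerDsc): a hypothetical helper, `ConvertTo-RSHttpsBinding`, expands the option 2 properties into the per-application hashtables of option 1 and validates every binding before anything would be applied. The 40-hex-character check assumes a SHA-1 certificate thumbprint, and the sample thumbprints are constructed.

```powershell
# Added example: hypothetical helper, not part of SqlServerDsc.
function ConvertTo-RSHttpsBinding
{
    [CmdletBinding(DefaultParameterSetName = 'Shared')]
    param
    (
        # Option 1: one hashtable per application.
        [Parameter(Mandatory = $true, ParameterSetName = 'PerApplication')]
        [System.Collections.Hashtable[]] $Binding,

        # Option 2: one set of values applied to all applications.
        [Parameter(Mandatory = $true, ParameterSetName = 'Shared')]
        [System.String] $HttpsCertificateThumbprint,

        [Parameter(ParameterSetName = 'Shared')]
        [System.String] $HttpsIPAddress = '0.0.0.0',

        [Parameter(ParameterSetName = 'Shared')]
        [System.Int32] $HttpsPort = 443
    )

    $applications = 'ReportServerWebService', 'ReportServerWebApp', 'PowerBIWebApp'

    if ($PSCmdlet.ParameterSetName -eq 'Shared')
    {
        # Option 2 is option 1 with the same values repeated per application.
        $Binding = foreach ($application in $applications)
        {
            @{ Application = $application; CertificateHash = $HttpsCertificateThumbprint
               IPAddress = $HttpsIPAddress; Port = $HttpsPort }
        }
    }

    foreach ($item in $Binding)
    {
        $parsedAddress = $null
        if ($item.Application -notin $applications) { throw "Unknown application '$($item.Application)'." }
        # Assumption: the thumbprint is a SHA-1 hash, i.e. 40 hex characters.
        if ($item.CertificateHash -notmatch '^[0-9A-Fa-f]{40}$') { throw "Invalid thumbprint for $($item.Application)." }
        if (-not [System.Net.IPAddress]::TryParse([System.String] $item.IPAddress, [ref] $parsedAddress)) { throw "Invalid IP address '$($item.IPAddress)'." }
        if ($item.Port -lt 1 -or $item.Port -gt 65535) { throw "Invalid port '$($item.Port)'." }

        [PSCustomObject] @{ Application = $item.Application; CertificateHash = $item.CertificateHash.ToUpper()
                            IPAddress = $parsedAddress.ToString(); Port = [System.Int32] $item.Port }
    }
}

# Constructed sample thumbprints; the first call uses option 2, the second option 1.
ConvertTo-RSHttpsBinding -HttpsCertificateThumbprint ('AB' * 20)
ConvertTo-RSHttpsBinding -Binding @{ Application = 'ReportServerWebApp'; CertificateHash = 'cd' * 20; IPAddress = '0.0.0.0'; Port = 8443 }
```

The first call returns three bindings on 0.0.0.0:443, one per application; the second returns a single binding for ReportServerWebApp on port 8443.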