
January 18, 2017 at 7:29 pm

Hello,

Currently I am trying to configure two things on my VMs:
– Open specific ports in the firewall
– Bind a certificate to a particular port

For both of these, at the moment I use Script resources invoking netsh or xxx-NetFirewallRule, but I was wondering if there are better ways or resources out there that you can point me to?

Thank you.
Val

January 24, 2017 at 4:53 am

Can anyone please comment?

January 25, 2017 at 9:22 pm

For firewall rules, check out the xFirewall resource in the xNetworking module. For certificate bindings, if you mean IIS website port bindings, check out the xWebsite resource in the xWebAdministration module. If you're talking about the SSL certificate bindings on the machine, i.e. 'netsh http show sslcert', I'm not sure if there's a DSC module for that.
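
As an added example (not code from the original thread), here is how the two resources named above fit together in one configuration: xFirewall opens exactly the port the site listens on, and xWebsite binds the certificate to an HTTPS site, creating the underlying http.sys sslcert entry for you. The module and resource names are those from the reply; the site name, physical path, port and thumbprint placeholder are assumptions, and the certificate is assumed to already be installed in Cert:\LocalMachine\My on the target node.

```powershell
Configuration VmEndpoints
{
    param (
        # SHA-1 thumbprint of a certificate already present in Cert:\LocalMachine\My (assumed)
        [Parameter(Mandatory)] [string] $CertificateThumbprint,
        [int] $HttpsPort = 443
    )

    Import-DscResource -ModuleName xNetworking
    Import-DscResource -ModuleName xWebAdministration

    Node localhost
    {
        # Open only the HTTPS port, inbound TCP, on all profiles. Keeping the rule
        # name stable lets DSC find and correct it instead of creating duplicates.
        xFirewall AllowHttps
        {
            Name        = 'Allow-Inbound-HTTPS'
            DisplayName = 'Allow inbound HTTPS'
            Ensure      = 'Present'
            Enabled     = 'True'
            Direction   = 'Inbound'
            Protocol    = 'TCP'
            LocalPort   = "$HttpsPort"
            Action      = 'Allow'
            Profile     = ('Domain', 'Private', 'Public')
        }

        WindowsFeature IIS
        {
            Name   = 'Web-Server'
            Ensure = 'Present'
        }

        # HTTPS binding for the site; xWebsite registers the certificate with
        # http.sys for this port, so no separate netsh step is needed.
        xWebsite Site
        {
            Name         = 'MySite'                 # assumed site name
            PhysicalPath = 'C:\inetpub\wwwroot'     # assumed path
            State        = 'Started'
            Ensure       = 'Present'
            BindingInfo  = MSFT_xWebBindingInformation
            {
                Protocol              = 'https'
                Port                  = $HttpsPort
                IPAddress             = '*'
                CertificateThumbprint = $CertificateThumbprint
                CertificateStoreName  = 'My'
            }
            DependsOn    = '[WindowsFeature]IIS'
        }
    }
}

# Compile and apply (run on the node, or point -ComputerName at it):
VmEndpoints -CertificateThumbprint 'REPLACE_WITH_THUMBPRINT' -OutputPath .\VmEndpoints
Start-DscConfiguration -Path .\VmEndpoints -Wait -Verbose
```

After it converges, `Test-DscConfiguration` should return True, `Get-NetFirewallRule -Name 'Allow-Inbound-HTTPS'` should show the rule, and `netsh http show sslcert ipport=0.0.0.0:443` should list the thumbprint you passed in.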

January 25, 2017 at 10:04 pm

Thank you. Yes, I meant netsh... Meanwhile, I implemented it in a script like this:

...
    param (
        [string] $ApplicationId,
        [string] $VmCertificateHash,
        [int] $NetTcpPort     = 808
    )
...
        Script NetTcpCertificatePortBinding
        {
            GetScript = 
            {
                $t = netsh http show sslcert ipport=0.0.0.0:$NetTcpPort
                @{ Result = $t }
            }

            TestScript = 
            {
                $t = netsh http show sslcert ipport=0.0.0.0:$NetTcpPort
                
                $t -match "(?im)^\s+IP:port\s*:\s*.*:$NetTcpPort" -and
                $t -match "(?im)^\s+Certificate Hash\s*:\s*$VmCertificateHash$" -and
                $t -match "(?im)^\s+Application ID\s*:\s*{$ApplicationId}\s*$"
            }
            
            SetScript = 
            {
                netsh http add sslcert ipport=0.0.0.0:$NetTcpPort certhash=$VmCertificateHash appid="{$ApplicationId}"
            }
        }
...

But it is not working. Can you see any problem in the code above?
Thank you!

January 26, 2017 at 6:50 am

Figured it out: I was missing the "$using:" part. The snippet above should be:

...
    param (
        [string] $ApplicationId,       # GUID of the owning application, without braces
        [string] $VmCertificateHash,   # SHA-1 thumbprint of the certificate in the machine store
        [int] $NetTcpPort     = 808
    )
...
        Script NetTcpCertificatePortBinding
        {
            # The Get/Test/Set blocks are serialised into the MOF and run on the target node,
            # so configuration parameters must be referenced with $using: (PowerShell 5.0+).
            GetScript =
            {
                @{ Result = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort }
            }

            TestScript =
            {
                $t = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort

                # True only when the binding on this port carries the expected hash and app ID
                $t -match "(?im)^\s+IP:port\s*:\s*.*:$using:NetTcpPort" -and
                $t -match "(?im)^\s+Certificate Hash\s*:\s*$using:VmCertificateHash$" -and
                $t -match "(?im)^\s+Application ID\s*:\s*{$using:ApplicationId}\s*$"
            }

            SetScript =
            {
                netsh http add sslcert ipport=0.0.0.0:$using:NetTcpPort certhash=$using:VmCertificateHash appid="{$using:ApplicationId}"
            }
        }
...
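
As an added example (not the poster's code), here is a version of the same Script resource that handles the two failure modes the snippet above does not: `netsh http add sslcert` refuses to add a binding when a different certificate is already bound to the same ip:port, and netsh will happily bind a thumbprint that is not present in the machine store, which only surfaces as a failed TLS handshake later. TestScript parses the netsh output into a hashtable instead of chaining regexes, and GetScript joins the output into a single string for the Result property. It assumes PowerShell 5.0 or later for `$using:`, that the certificate lives in Cert:\LocalMachine\My (netsh's default store), and that the application ID is a GUID without braces.

```powershell
Configuration NetTcpSslBinding
{
    param (
        [Parameter(Mandatory)] [string] $ApplicationId,       # GUID without braces (assumed format)
        [Parameter(Mandatory)] [string] $VmCertificateHash,   # SHA-1 thumbprint, hex, no spaces
        [int] $NetTcpPort = 808
    )

    Node localhost
    {
        Script NetTcpCertificatePortBinding
        {
            # These blocks execute on the target node; capture parameters with $using:.
            GetScript =
            {
                $out = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort
                @{ Result = ($out -join "`n") }   # Result must be a single string
            }

            TestScript =
            {
                $out = netsh http show sslcert ipport=0.0.0.0:$using:NetTcpPort

                # netsh prints "    Certificate Hash             : abcd..." style lines.
                # The separator is whitespace-colon-whitespace, so the colon inside
                # the "IP:port" key does not split the line in the wrong place.
                $binding = @{}
                foreach ($line in $out) {
                    if ($line -match '^\s+(?<k>.+?)\s+:\s+(?<v>.*?)\s*$') {
                        $binding[$Matches.k] = $Matches.v
                    }
                }

                # When no binding exists, netsh prints an error and $binding stays empty,
                # so every comparison below is $null -eq '...' and the test returns $false.
                [bool] $ok = ($binding['IP:port']          -eq  "0.0.0.0:$using:NetTcpPort") -and
                             ($binding['Certificate Hash'] -ieq $using:VmCertificateHash) -and
                             ($binding['Application ID']   -ieq "{$using:ApplicationId}")
                return $ok
            }

            SetScript =
            {
                $ipport = "0.0.0.0:$using:NetTcpPort"
                $hash   = $using:VmCertificateHash
                $appid  = $using:ApplicationId

                # Refuse to bind a thumbprint that is not actually in the machine store.
                $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
                    Where-Object { $_.Thumbprint -ieq $hash }
                if (-not $cert) {
                    throw "Certificate with thumbprint $hash not found in Cert:\LocalMachine\My"
                }

                # 'add sslcert' fails if any binding already exists on this ip:port,
                # so remove a stale one (wrong hash or app ID) before adding ours.
                $existing = netsh http show sslcert ipport=$ipport
                if (($existing -join "`n") -match 'IP:port') {
                    netsh http delete sslcert ipport=$ipport | Out-Null
                }

                netsh http add sslcert ipport=$ipport certhash=$hash appid="{$appid}"
                if ($LASTEXITCODE -ne 0) {
                    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
                }
            }
        }
    }
}

# Compile and apply:
NetTcpSslBinding -ApplicationId '00000000-0000-0000-0000-000000000000' `
                 -VmCertificateHash 'REPLACE_WITH_THUMBPRINT' -OutputPath .\NetTcpSslBinding
Start-DscConfiguration -Path .\NetTcpSslBinding -Wait -Verbose
```

Throwing from SetScript matters: a netsh failure otherwise leaves the resource reporting success while the port has no (or the wrong) certificate, and the next consistency check would simply retry instead of flagging the node as non-compliant.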