PROBLEM SUMMARY
VCert Playbooks don't allow issuance to the Web Hosting CAPI store.
STEPS TO REPRODUCE
Create a Playbook with the following Installations config:
installations:
  - format: CAPI
    capiLocation: "LocalMachine\WebHosting"
    capiFriendlyName: Venafi vCert Managed - IIS TLS
    capiIsNonExportable: True
    afterInstallAction: Import-Module Webadministration; Get-WebBinding | where {($_.protocol -eq "https")} | % {$_.addsslcertificate($Env:VCERT_IISServerCertificate_THUMBPRINT, "WebHosting")}
EXPECTED RESULTS
Running the playbook will fail
ACTUAL RESULTS
2024-08-09T07:58:02.392-0700 ERROR vcert/playbook.go:114 invalid playbook file {"file": ".\\playbook.yaml", "error": "task 'IISServerCertificate' is invalid: \t\tinstallations[0]:\n\t\t\tinvalid CAPI store name. Should contain a valid storeName after the '\\' (i.e. 'LocalMachine\\My')"}
ENVIRONMENT DETAILS
OS: Windows Server 2022 and 2019
VCert: v5.7.1
COMMENTS/WORKAROUNDS
Line 35-36 in installation.go limits to the following stores:
var validStoreNames = []string{"addressbook", "authroot", "certificateauthority", "disallowed", "my", "root", "trustedpeople", "trustedpublisher"}
Limiting store installation is likely counterproductive to the usage of VCert Playbooks; users should be allowed to install to any valid CAPI store, as environmental configurations will vary from one customer to the next.
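The check described in this report, as an added example that is not VCert's own code: it validates a `Location\StoreName` value against the store names quoted above and shows `WebHosting` being rejected unless it is explicitly allowed. The function name `CheckCAPILocation`, the `extraStores` parameter and the `storeLocations` list are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// Store names quoted in the issue from installation.go.
var validStoreNames = []string{"addressbook", "authroot", "certificateauthority", "disallowed", "my", "root", "trustedpeople", "trustedpublisher"}

// Windows certificate store locations accepted by this sketch (assumption).
var storeLocations = []string{"currentuser", "localmachine"}

// containsFold reports whether s matches an entry of list, ignoring case.
func containsFold(list []string, s string) bool {
	for _, v := range list {
		if strings.EqualFold(v, s) {
			return true
		}
	}
	return false
}

// CheckCAPILocation validates a "Location\StoreName" value. extraStores is a
// hypothetical operator-supplied extension of the built-in allow-list.
func CheckCAPILocation(capiLocation string, extraStores ...string) error {
	parts := strings.Split(capiLocation, `\`)
	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
		return fmt.Errorf("capiLocation %q must have the form Location\\StoreName", capiLocation)
	}
	if !containsFold(storeLocations, parts[0]) {
		return fmt.Errorf("invalid CAPI store location %q", parts[0])
	}
	allowed := append(append([]string{}, validStoreNames...), extraStores...)
	if !containsFold(allowed, parts[1]) {
		return fmt.Errorf("invalid CAPI store name %q", parts[1])
	}
	return nil
}

func main() {
	// Constructed sample values, including the one from the report.
	for _, loc := range []string{`LocalMachine\My`, `LocalMachine\WebHosting`, `LocalMachine`} {
		fmt.Printf("%-26s strict: %v\n", loc, CheckCAPILocation(loc))
	}
	fmt.Println("WebHosting allowed:", CheckCAPILocation(`LocalMachine\WebHosting`, "WebHosting"))
}
```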