Puppet Class: xd7deliverycontroller::sslconfig

Inherits:
xd7deliverycontroller
Defined in:
manifests/sslconfig.pp

Overview

Class configuring SSL encryption for Citrix Broker access



# File 'manifests/sslconfig.pp', line 2

class xd7deliverycontroller::sslconfig inherits xd7deliverycontroller {
  # Configures HTTPS for the Citrix Broker Service when $xd7deliverycontroller::https
  # is true: copies a PFX to the node, imports it into LocalMachine\My, binds it to
  # 0.0.0.0:443 with netsh, and sets the XML service SSL port registry value to 443.
  # All inputs (https, sslcertificatesourcepath, sslcertificatethumbprint,
  # sslcertificatepassword) are read from the parent class; nothing is declared
  # when https is false.
  if $xd7deliverycontroller::https {
    # Reboot fires only on a refresh event (the notify from 'CitrixBrokerServiceSSL'
    # below) and is applied once the catalog run has finished.
    reboot { 'after_sslconfig':
      apply => finished,
      when  => refreshed
    }

    # Copy the PFX from the configured source path to a fixed local path.
    # NOTE(review): the PFX is kept at c:\SSL\cert.pfx after the import (this resource
    # re-creates it on every run if it is deleted). A PFX normally carries the private
    # key, and no ACL is set on c:\SSL here - confirm the directory is restricted to
    # Administrators/SYSTEM, or that the password protecting the file is strong.
    dsc_file{ 'SSLCert':
      dsc_sourcepath      => $xd7deliverycontroller::sslcertificatesourcepath,
      dsc_destinationpath => 'c:\SSL\cert.pfx',
      dsc_type            => 'File'
    }

    # Import the PFX into the Local Computer personal ('My') certificate store.
    # The credential hash carries the PFX password; the 'cert' user name looks like a
    # placeholder - TODO confirm.
    # NOTE(review): the password is passed as an ordinary value here. Unless the parent
    # class wraps it in Sensitive (not visible from this file), it may end up in the
    # compiled catalog, reports and debug logs - verify how it is declared and sourced.
    # The explicit require duplicates the ordering already given by the '->' arrow.
  ->dsc_xpfximport{ 'ImportSSLCert':
      dsc_thumbprint => $xd7deliverycontroller::sslcertificatethumbprint,
      dsc_path       => 'c:\SSL\cert.pfx',
      dsc_location   => 'LocalMachine',
      dsc_store      => 'My',
      dsc_credential => {'user' => 'cert', 'password' => $xd7deliverycontroller::sslcertificatepassword },
      require        => Dsc_file['SSLCert']
    }

    # Bind the certificate to the Citrix Broker Service with netsh, i.e.
    # netsh http add sslcert ipport=0.0.0.0:443 certhash=<Certificate Hash Number> appid={<Citrix Broker Service GUID>}
    #
    # Test script: returns $true as soon as 'netsh http show sslcert' lists ANY binding
    # (any line containing "Application ID"). It does not check the ipport, the
    # certificate hash or the application id.
    # NOTE(review): as a result, a pre-existing binding for another application or an
    # old/expired certificate is reported as compliant and the set script never runs,
    # so certificate rotation via the thumbprint parameter will not rebind. A stricter
    # test would compare the hash bound on 0.0.0.0:443 with the configured thumbprint.
    #
    # Set script: looks up the Broker Service product GUID (IdentifyingNumber) through
    # Win32_Product and passes it as appid. The '\$' sequences keep PowerShell
    # variables literal; the thumbprint is interpolated by Puppet at compile time.
    # NOTE(review): the thumbprint is placed into the script text without validation
    # in this class, so any other characters in that parameter become part of the
    # PowerShell that DSC executes. Confirm the parent class restricts it to
    # hexadecimal characters (40 for a SHA-1 thumbprint).
    # NOTE(review): querying Win32_Product is slow and is known to trigger an MSI
    # consistency check of installed packages; if more than one product name matches
    # "*Broker Service*", \$guid will hold several values - verify on a controller.
  ->dsc_script{ 'CitrixBrokerServiceSSL':
      dsc_getscript  => 'Return @{ Result = [string]$(netsh http show sslcert) }',
      dsc_testscript => 'If ((netsh http show sslcert | Select-String  "Application ID") -like "*Application*") {
              Return $true
            } Else {
               Return $false
            }',
      dsc_setscript  => "\$brokerservice = get-wmiobject -class Win32_Product | Where-Object {\$_.name -Like \"*Broker Service*\"}
          \$guid = \$brokerservice.IdentifyingNumber
          netsh http add sslcert ipport=0.0.0.0:443 certhash=${$xd7deliverycontroller::sslcertificatethumbprint} appid=\$guid",
      notify         => Reboot['after_sslconfig']
    }

    # Make sure the Citrix XML Service SSL port is 443 (matches the netsh binding above).
    # Depends on Dsc_xd7features['XD7DeliveryController'], which is declared outside
    # this class; it is not chained to the certificate resources above.
    registry_value { 'HKLM\SOFTWARE\Citrix\DesktopServer\XmlServicesSslPort':
      ensure  => present,
      type    => 'dword',
      data    => '443',
      require => Dsc_xd7features['XD7DeliveryController']
    }
  }
}