From 719bf3142d21e122c2d6025f8ea7a1580121d354 Mon Sep 17 00:00:00 2001 From: IngridAtMicrosoft Date: Mon, 18 Oct 2021 17:39:44 -0700 Subject: [PATCH] removing file --- includes/githubissues-deleteme.md | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 includes/githubissues-deleteme.md diff --git a/includes/githubissues-deleteme.md b/includes/githubissues-deleteme.md deleted file mode 100644 index 94a7930ead..0000000000 --- a/includes/githubissues-deleteme.md +++ /dev/null @@ -1,20 +0,0 @@ -First, obtain an SSL certificate for HGS from your certificate authority. Each host machine will need to trust the SSL certificate, so it is recommended that you issue the SSL certificate from your company's public key infrastructure or a third party CA. Any SSL certificate supported by IIS is supported by HGS, however **the subject name on the certificate must match the fully qualified HGS service name** (cluster distributed network name). For instance, if the HGS domain is "bastion.local" and your HGS service name is "hgs", your SSL certificate should be issued for "hgs.bastion.local". You can add additional DNS names to the certificate's subject alternative name field if necessary. - -Once you have the SSL certificate, open an elevated PowerShelll session and either provide the certificate path when you run [Set-HgsServer](https://technet.microsoft.com/itpro/powershell/windows/host-guardian-service/server/set-hgsserver): - - -```powershell -$sslPassword = Read-Host -AsSecureString -Prompt "SSL Certificate Password" -Set-HgsServer -Http -Https -HttpsCertificatePath 'C:\temp\HgsSSLCertificate.pfx' -HttpsCertificatePassword $sslPassword -``` - -Or, if you have already installed the certificate into the local certificate store, you can reference it by thumbprint: - -```powershell -Set-HgsServer -Http -Https -HttpsCertificateThumbprint 'A1B2C3D4E5F6...' -``` - -> [!IMPORTANT] -> Configuring HGS with an SSL certificate does not disable the HTTP endpoint. -> If you wish to only allow use of the HTTPS endpoint, configure Windows Firewall to block inbound connections to port 80. -> **Do not modify the IIS bindings** for HGS websites to remove the HTTP endpoint; it is unsupported to do so.