Powershell – The certificate chain was issued by an authority that is not trusted (dbatools)

huangapple go评论81阅读模式
英文:

Powershell - The certificate chain was issued by an authority that is not trusted (dbatools)

问题

我正在使用dbatools脚本,但大多数命令返回以下警告:

PS C:\Users\Administrator> Test-DbaDiskAlignment -ComputerName sqlag| Format-Table
WARNING: [23:22:13][Get-DiskAlignment] Failure | The certificate chain was issued by an authority that is not trusted

我找到了一些关于"TrustServerCertificate=True"的参考资料,但似乎它是用于SQL Server连接字符串的。如何在PowerShell中设置它?

英文:

I am using dbatools scripts, but most commands return:

PS C:\Users\Administrator> Test-DbaDiskAlignment -ComputerName sqlag| Format-Table
WARNING: [23:22:13][Get-DiskAlignment] Failure | The certificate chain was issued by an authority that is not trusted

I've found some references to "TrustServerCertificate=True", but it seems to be used in SQL Server connection string. How to set it in powershell?

答案1

得分: 4

以下是翻译好的部分:

脚本的一项功能是检查磁盘是否实际用于SQL数据文件。

但它仅使用实例名称和凭据连接,没有传递其他参数,因此如果证书不受信任,则会失败。查看源代码。

您可以通过使用 -NoSqlCheck 来避免这种情况,它会阻止检查的发生。但我建议您为SQL Server实例获取适当的证书。

如果您愿意,您可以在Github上创建拉取请求以添加其他连接设置参数。


看起来您确实 想要 连接到SQL Server,以便运行其他脚本,如 Backup-DbaDatabase

在这种情况下,您需要强制它信任服务器证书,假设您不想安装适当的证书。正如您可能知道的,这是一个重要的安全问题。

$server = Connect-DbaInstance `
    -SqlInstance 'yourMachine.domain.com' `
    -Database 'YourDb' `
    -TrustServerCertificate;
# 使用 -SqlCredential 添加凭据

Backup-DbaDatabase -SqlInstance $server.....
英文:

One of the things that script does is check if the disk is actually being used for SQL data files.

But it only connects using an instance name and credentials, no other parameter is passed, so if the certificate is untrusted then it will fail. See the source code.

You can avoid this by using the -NoSqlCheck, which prevents the check from happening. But I urge you to get a proper certificate for your SQL Server instance.

If you want, you can create a pull request on Github to add other parameters to the connection settings.


It seems you actually do want to connect to SQL Server, in order to run other scripts such as Backup-DbaDatabase.

In which case you need to force it to trust the server certificate, assuming you don't want to install a proper certificate. As I'm sure you know, this is a significant security issue.

$server = Connect-DbaInstance `
    -SqlInstance 'yourMachine.domain.com' `
    -Database 'YourDb' `
    -TrustServerCertificate;
# add credentials using -SqlCredential

Backup-DbaDatabase -SqlInstance $server.....

答案2

得分: 3

选项 1. 返回到较旧版本的 dbatools,如 1.1.145

卸载模块 dbatools -force -verbose
安装模块 -name dbatools -requiredversion 1.1.145

选项 2. 如果您想保留当前版本并仅为您的脚本修复此问题,请在脚本开头添加以下内容

Set-DbatoolsInsecureConnection -SessionOnly

选项 3. 如 dbatools 建议的,将 DbaToolsConfig 设置为使用旧的设置

Set-DbatoolsConfig -FullName sql.connection.trustcert -Value $true -Register
Set-DbatoolsConfig -FullName sql.connection.encrypt -Value $false -Register
英文:

You must have installed a dbatools version 2.0 or higher and I think, you have 3 options.

Option 1. Go back to an older version of dbatools like 1.1.145

uninstall-module dbatools -force -verbose
install-module -name dbatools -requiredversion 1.1.145

Option 2.
You want to keep your current version and get this fixed for your script only hence add the following at the beginning of your script

Set-DbatoolsInsecureConnection -SessionOnly

Option 3.
As dbatools suggested, set DbaToolsConfig to use the old settings

Set-DbatoolsConfig -FullName sql.connection.trustcert -Value $true -Register
Set-DbatoolsConfig -FullName sql.connection.encrypt -Value $false -Register 

huangapple
  • 本文由 发表于 2023年5月15日 10:25:36
  • 转载请务必保留本文链接:https://go.coder-hub.com/76250523.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定