I thought we’d covered this in The DSC Book, was it not? You need to include the certificate thumbprint that the node will use to decrypt the credentials – meaning the certificate itself must be pre-deployed. It works the same as if the config is coming from a pull server. And don’t forget that a pull server can also just be a file server; you don’t need to go the web server route, if that helps.
↧