Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:configuration_-_winrm [2024/01/30 06:06]
erbenr 		tutorial:adm:configuration_-_winrm [2024/01/30 06:45]
erbenr
Line 309: Line 309:
  
 The tested way to generate self signed certificate on linux via tutorial which can be found [[https://medium.com/@tbusser/creating-a-browser-trusted-self-signed-ssl-certificate-2709ce43fd15|here]] you should follow whole process except the part with finals steps because for our purpose we don't need to import it to browsers. The tested way to generate self signed certificate on linux via tutorial which can be found [[https://medium.com/@tbusser/creating-a-browser-trusted-self-signed-ssl-certificate-2709ce43fd15|here]] you should follow whole process except the part with finals steps because for our purpose we don't need to import it to browsers.
 +Create and export self signed certificate with powershell:
  
 Now we have certificate which is imported in our windows server and now we can configure the HTTP listener Now we have certificate which is imported in our windows server and now we can configure the HTTP listener
 +<code powershell>
 +$pathToCertificate="C:\Users\Administrator.ZOO\Desktop\certificate"  ## Specify your preferred location for export
 +$hostname='bear.zoo.bcv' #hostname your machine
 +$params = @{
 +    Subject = "CN=winrm.$hostname"
 +    DnsName = 'bear.zoo.bcv'
 +    CertStoreLocation = 'Cert:\LocalMachine\My' #Certificate for WinRM, must be in stored in Local Computers
 +    KeyExportPolicy ='Exportable' 
 +    KeySpec ='Signature' 
 +    KeyLength ='2048'
 +    KeyAlgorithm = 'RSA'
 +    HashAlgorithm = 'SHA256'
 +}
  
 +#$cert = New-SelfSignedCertificate -Subject "CN=bear.zoo.bcv" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256    ## Replace {certificateName}
 +$cert = New-SelfSignedCertificate @params
 +Export-Certificate -Cert $cert -FilePath "$pathToCertificate\$hostname.cer" 
 +$mypwd = ConvertTo-SecureString -String "{myPassword}" -Force -AsPlainText  ## Replace {myPassword}
 +Export-PfxCertificate -Cert $cert -FilePath "$pathToCertificate\$hostname.pfx" -Password $mypwd
 +</code>
 +
 +List certificate in windows certificate storage:
 +<code powershell>
 +Get-ChildItem -Path Cert:\LocalMachine\My -Recurse #List certificate stored in Local Computer, and copy certificate thumbrint
 +</code>
 +
 +Configure WinRM listener with HTTPS certficate:
 <code powershell> <code powershell>
 winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="HOSTNAME";CertificateThumbprint="THUMBPRINT"}' winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="HOSTNAME";CertificateThumbprint="THUMBPRINT"}'
 for deleting for deleting
 winrm delete winrm/config/Listener?Address=*+Transport=HTTPS winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
- 
 </code> </code>
  
  • by erbenr