Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
tutorial:adm:configuration_-_winrm [2024/01/30 06:06]
erbenr 		tutorial:adm:configuration_-_winrm [2024/02/05 05:29] (current)
erbenr
Line 312: Line 312:
 Now we have certificate which is imported in our windows server and now we can configure the HTTP listener Now we have certificate which is imported in our windows server and now we can configure the HTTP listener
  
 +Create and export self signed certificate with powershell:
 +<code powershell>
 +$pathToCertificate="C:\Users\Administrator.ZOO\Desktop\certificate"  ## Specify your preferred location for export
 +$hostname='ad.idstory.idm' #hostname your machine
 +$params = @{
 +    Subject = "CN=winrm.$hostname"
 +    DnsName = 'ad.idstory.idm'
 +    CertStoreLocation = 'Cert:\LocalMachine\My' #Certificate for WinRM, must be in stored in Local Computers
 +    KeyExportPolicy ='Exportable' 
 +    KeySpec ='Signature' 
 +    KeyLength ='2048'
 +    KeyAlgorithm = 'RSA'
 +    HashAlgorithm = 'SHA256'
 +}
 +
 +$cert = New-SelfSignedCertificate @params
 +Export-Certificate -Cert $cert -FilePath "$pathToCertificate\$hostname.cer" 
 +$mypwd = ConvertTo-SecureString -String "{myPassword}" -Force -AsPlainText  ## Replace {myPassword}
 +Export-PfxCertificate -Cert $cert -FilePath "$pathToCertificate\$hostname.pfx" -Password $mypwd
 +</code>
 +
 +List certificate in windows certificate storage:
 +<code powershell>
 +Get-ChildItem -Path Cert:\LocalMachine\My -Recurse #List certificate stored in Local Computer, and copy certificate thumbrint
 +</code>
 +
 +Configure WinRM listener with HTTPS certficate:
 <code powershell> <code powershell>
 winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="HOSTNAME";CertificateThumbprint="THUMBPRINT"}' winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="HOSTNAME";CertificateThumbprint="THUMBPRINT"}'
 for deleting for deleting
 winrm delete winrm/config/Listener?Address=*+Transport=HTTPS winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
 +</code>
  
 +Create firewall rule for WinRM HTTPS:
 +<code powershell>
 +New-NetFirewallRule -Displayname 'WinRM - Powershell remoting HTTPS-In' -Name 'WinRM - Powershell remoting HTTPS-In' -Profile Any -LocalPort 5986 -Protocol TCP
 </code> </code>
  
 Restart WinRM Restart WinRM
- 
 <code powershell> <code powershell>
 Restart-Service winrm Restart-Service winrm
- 
 </code> </code>
  
Line 329: Line 358:
  
  
 +===== Powershell 7 support =====
 +
 +Install powershell 7: https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4#installing-the-msi-package
 +
 +Run app ''C:\Program Files\PowerShell\7\pwsh.exe'' and execute
 +<code powershell>
 +Enable-PSRemoting 
 +</code>
  
  
  • by erbenr