Page History
...
→ example is based for using a self-signed certificate on the Windows Host
Configuration
Enabling RemotePowerShell (unencrypted communication should not be allowed in this UseCase)
...
- Enable-PSRemoting –force
- set-item -force WSMan:\localhost\Service\Auth\Basic $true
- set-item -force WSMan:\localhost\Client\AllowUnencrypted $false
- set-item -force WSMan:\localhost\Service\AllowUnencrypted $false
Check if there are already Certificates in the Certificate Store (open Powershell on Host)
...
you should get a list of certificates back (otherwise the list is just empty)
Import Certificate (with PowerShell) - CER
...
you should get something like this
For PFX, use the command
Import-PfxCertificate -FilePath "<path to pfx>" -CertStoreLocation Cert:\LocalMachine\My -Verbose
Create Self Signed Certificate
- New-SelfSignedCertificate -DnsName <hostname> -CertStoreLocation Cert:\LocalMachine\My
...
Now we have imported or created a selfsigned certificate which can be used for the Remote PS Call
Next Steps explain how you connect the certificate with the WS-MAN remoting
Copy the correct Thumbprint from Store
- Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint -AutoSize
- copy the ThumbPrint you want to use
...
Open command prompt (with cmd)
- winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="<hostname>"; CertificateThumbprint="<your thumbprint >"}
This binds now the certificate with HTTPS on the Host
Please adjust the Address and Hostname parameter based on your needs! If you use a Wildcard SSL certificated, make sure that hostname is equal the CN name in the certificate
In case a listener with the same Address and HTTPS is configured, please make sure you clean it up first
...
- winrm delete winrm/config/Listener?Address=*+Transport=HTTPS
Inbound Firewall Setting
Make sure that Inbound connection to TCP Port 5986 is allowed on the Windows Host !
Last Step is the GreenLight Config
The Only thing which you need to do is to configure the right Authentication Profile
Use https as the protocol and Port 5986
Test the Connection ....If everything is correct, you should get a "Success Message" back
Assign this Authentication Profile now to an Windows Host within GreenLight