The following GreenLight article explains briefly what kind of steps you have to perform in order to use SSL (https via tcp 5986) for PowerShell.

→ example is based for using a self-signed certificate on the Windows Host

Configuration

Enabling RemotePowerShell (unencrypted communication should not be allowed in this UseCase)

Open PowerShell on Windows Host and execute the following 4 commands

Enable-PSRemoting –force
set-item -force WSMan:\localhost\Service\Auth\Basic $true
set-item -force WSMan:\localhost\Client\AllowUnencrypted $false
set-item -force WSMan:\localhost\Service\AllowUnencrypted $false

Check if there are already Certificates in the Certificate Store (open Powershell on Host)

Set-Location Cert:\LocalMachine\My
Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint -AutoSize

you should get a list of certificates back (otherwise the list is just empty)

GreenLight > Using SSL for Remote PowerShell in GreenLight > image1_69.png

Import Certificate (with PowerShell) - CER

Import-Certificate -FilePath "<path to certificate>" -CertStoreLocation Cert:\LocalMachine\My -Verbose

you should get something like this

GreenLight > Using SSL for Remote PowerShell in GreenLight > image2_69.png

For PFX, use the command

Import-PfxCertificate -FilePath "<path to pfx>" -CertStoreLocation Cert:\LocalMachine\My -Verbose

Create Self Signed Certificate

New-SelfSignedCertificate -DnsName <hostname> -CertStoreLocation Cert:\LocalMachine\My

Now we have imported or created a selfsigned certificate which can be used for the Remote PS Call

Next Steps explain how you connect the certificate with the WS-MAN remoting

Copy the correct Thumbprint from Store

Get-ChildItem | Format-Table Subject, FriendlyName, Thumbprint -AutoSize
copy the ThumbPrint you want to use

Open command prompt (with cmd)

- winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="<hostname>"; CertificateThumbprint="<your thumbprint >"}

GreenLight > Using SSL for Remote PowerShell in GreenLight > image3_69.png

This binds now the certificate with HTTPS on the Host

Please adjust the Address and Hostname parameter based on your needs! If you use a Wildcard SSL certificated, make sure that hostname is equal the CN name in the certificate

In case a listener with the same Address and HTTPS is configured, please make sure you clean it up first

You can remove an existing entry (for Address=* and Transport HTTPS) by just using

winrm delete winrm/config/Listener?Address=*+Transport=HTTPS

Inbound Firewall Setting

Make sure that Inbound connection to TCP Port 5986 is allowed on the Windows Host !

Last Step is the GreenLight Config

The Only thing which you need to do is to configure the right Authentication Profile

Use https as the protocol and Port 5986

GreenLight > Using SSL for Remote PowerShell in GreenLight > image4_69.png

Test the Connection ....If everything is correct, you should get a "Success Message" back

Assign this Authentication Profile now to an Windows Host within GreenLight