Securing WinRM
Last Post 25 May 2009 09:47 AM by Marco Shaw (MVP). 6 Replies.

BHensley
25 May 2009 06:28 AM
    Hello,

    I've successfully gotten PSRemoting to work over port 80.

    Could anyone point me in the right direction as to how to secure these connections? I'm having trouble locating how to configure WinRM with an SSL certificate for use with PowerShell Remoting.

    Thanks,
    -B
    Brock Hensley
    http://BHensley.com/

    BHensley
    25 May 2009 06:51 AM
    Oh, that was easy. Now I just have to make a cert :)

    winrm quickconfig -transport:https

    or

    winrm create winrm/config/listener?Address=xxx+Transport=HTTPS
    Brock Hensley
    http://BHensley.com/

    BHensley
    25 May 2009 08:18 AM
    It seems that PowerShell will not connect to the remote computer because the remote computer's SSL certificate does not match the actual server name. Even though it is a signed certificate, the certificate is issued to a domain name and not the actual server name.

    "The SSL certificate contains a common name (CN) that does not match the hostname."

    Is there any way to use HTTPS without having an SSL certificate issued to the actual server name? It seems kind of odd; is there any way to ignore/force it?

    This has stopped everything in its tracks :(
    Brock Hensley
    http://BHensley.com/

    BHensley
    25 May 2009 09:08 AM
    Ok I've gotten everything to work over HTTPS. It's easy, but not as automated as I was hoping for...

    Here is what I've got:

    On the Client (Remote) Server:

    Download SelfSSL:
    http://www.microsoft.com/downloads/...laylang=en

    Generate Certificate:
    C:\Program Files (x86)\IIS Resources\SelfSSL>selfssl.exe /N:CN=10.20.66.10 /V:3600 /T /Q

    Remove https binding from Default Website in IIS7

    Export Trusted Root CA Cert (cert we just created)

    Copy the exported file to the PowerShell Server.

    On the PowerShell Server, Import the copied cert file into the "Trusted Root CA"

    Back to the Remote Server:

    Create the WinRM HTTPS Listener: (In Command Prompt:)

    C:\>winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="10.20.66.10";CertificateThumbprint="4f 4c a6 d6 6f b1 5b 88 72 b0 fc 0d 48 a0 4c 9b 0d 93 2a 49"}

    Replace the Hostname value with whatever you issued the certificate to in step 1.
    Replace the CertificateThumbprint value with the actual certificate's thumbprint (view certificate details).


    Ensure the client is allowing connections: (In Command Prompt:)

    C:\>winrm set winrm/config/client @{TrustedHosts="*"}

    Finally, from the PowerShell server, establish a persistent session to the remote server:

    PS C:\>$s = New-PSSession 10.20.66.10 -Credentials RADMIN -UseSSL

    Test:

    PS C:\>icm $s {$env:computername}
    Brock Hensley
    http://BHensley.com/

    Marco Shaw (MVP)
    25 May 2009 09:14 AM
    http://blogs.msdn.com/powershell/ar...an-in.aspx

    I see "SkipCACheck" and "SkipCNCheck" flags for the New-WSManSessionOption cmdlet that may help.
    Marco

    *Microsoft MVP - Windows PowerShell
    https://mvp.support.microsoft.com/profile/Marco.Shaw
    *Co-Author - Sams Windows PowerShell Unleashed 2nd Edition
    *Blog - http://marcoshaw.blogspot.com

    BHensley
    25 May 2009 09:41 AM
    Thank you! I've been able to skip the whole certificate export/import steps by using this to connect:

    $s = New-PSSession 10.20.66.10 -Credentials RADMIN -UseSSL -SessionOption (New-WSManSessionOption -SkipCACheck -SkipCNCheck)

    Now... to automate this for 1000 servers... :)
    Brock Hensley
    http://BHensley.com/
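
An added example, not part of the thread or any poster's code: -SkipCACheck and -SkipCNCheck switch off chain and name validation, so this PowerShell function instead performs the TLS handshake against each server's WinRM HTTPS port with validation left on and reports which servers fail it (including the CN mismatch quoted earlier), then opens sessions only where the certificate validates. The function name Test-WinRMCertificate, the host names and port 5986 are assumptions.

```powershell
# Added example, not from the thread. Requires PowerShell 5.0+ for ::new().
function Test-WinRMCertificate {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$Port = 5986   # assumption: default WinRM HTTPS port on current Windows
    )
    foreach ($name in $ComputerName) {
        $seen = @{ Errors = $null; Cert = $null }
        # Record what standard validation found; never override the verdict.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($source, $cert, $chain, $errors)
            $seen.Errors = $errors
            $seen.Cert   = [System.Security.Cryptography.X509Certificates.X509Certificate2]$cert
            $errors -eq [System.Net.Security.SslPolicyErrors]::None
        }
        $tcp = [System.Net.Sockets.TcpClient]::new()
        try {
            $tcp.Connect($name, $Port)
            $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
            $ssl.AuthenticateAsClient($name)   # validates chain and name against $name
            $status = 'Valid'
        } catch [System.Security.Authentication.AuthenticationException] {
            $status = 'CertificateRejected'
        } catch {
            $status = "Error: $($_.Exception.GetBaseException().Message)"
        } finally {
            $tcp.Close()
        }
        [pscustomobject]@{
            ComputerName = $name
            Status       = $status
            PolicyErrors = $seen.Errors        # e.g. RemoteCertificateNameMismatch
            Subject      = $seen.Cert.Subject
            NotAfter     = $seen.Cert.NotAfter
        }
    }
}

# Constructed host names; replace with the names clients actually connect to.
$report = Test-WinRMCertificate -ComputerName 'srv01.corp.example', 'srv02.corp.example'
$report | Format-Table -AutoSize

# Open sessions only where the certificate validated, with default checks left on.
$valid = @($report | Where-Object { $_.Status -eq 'Valid' })
if ($valid) {
    $cred = Get-Credential
    $sessions = $valid | ForEach-Object {
        New-PSSession -ComputerName $_.ComputerName -UseSSL -Credential $cred
    }
}
```

Servers reported as CertificateRejected are the ones that need a certificate issued to the name clients use, chained to a root the management host trusts.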

    Marco Shaw (MVP)
    25 May 2009 09:47 AM
    Email me some time. I'm curious to know more about your requirements...

    email: marco DOT shaw AT gmail DOT com
    Marco

    *Microsoft MVP - Windows PowerShell
    https://mvp.support.microsoft.com/profile/Marco.Shaw
    *Co-Author - Sams Windows PowerShell Unleashed 2nd Edition
    *Blog - http://marcoshaw.blogspot.com