Secure setup of WSMan

Turbonomic provides a secure option for Hyper-V/VMM Targets which requires that WSMan be set up securely. Use PowerShell to generate a self-signed certificate, and create an HTTPS WinRM listener.

Note:

For clustered Hyper-V targets, you do not need to create a listener on each host. Only create a listener on the host that is being added to the "Address" field in the Target Configuration.

To enable secure WSMan on your Hyper-V host:

  1. Generate a self-signed certificate using the following command:

    New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "myhost.example.org"
  2. Find the thumbprint for the certificate for the host:

    Get-childItem cert:\LocalMachine\My
  3. Create an HTTPS WinRM listener for the host with the thumbprint you've found:

    winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="myhost.example.org"; CertificateThumbprint="THUMBPRINT_YOU_FOUND"}' 
  4. Verify the presence of configured listeners:

    Get-WSManInstance –ResourceURI winrm/config/listener –Enumerate