How To
Summary
Create a CA certificate and configure WinRM so that the machine can receive PowerShell remote commands.
Objective
Environment
Steps
Steps to regenerate and import the new CA:
On your Windows CA server, create a CSR:
1-Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.
2-Select the server name from the left-side panel.
3-In the center panel, double-click Server Certificates.
4-In the Actions menu from the right-side, click Create Certificate Request.
5-In the Distinguished Name Properties window, complete the required fields:
Please note: Common name – the target server's fully qualified domain name (FQDN)
Click Next.
6-In the Cryptographic Service Provider Properties window, select the following:
Cryptographic service provider: Microsoft RSA SChannel
Bit length: 2048
Click Next.
7-In the File Name window, select the location for saving the CSR and enter a name.
Click Finish.
Your CSR is created as a .txt file.
Next, you need to obtain the private key associated with the CSR:
1-Open the Microsoft Management Console (mmc).
2-Go to File > Add/Remove Snap-in.
3-Double-click Certificates in the list of snap-ins.
4-Select Computer account and click Next.
5-Select Local computer and click Finish.
Click OK to populate the snap-in.
6-Go to Console Root > Certificates > Certificate Enrollment Requests.
7-Right-click the desired CSR and click All Tasks > Export.
8-In the Certificate Export Wizard, click Next.
Choose Yes, export the private key and click Next.
9-Select Personal Information Exchange – PKCS #12 and click Next.
10-Enter a password to protect your private key and click Next.
11-Choose where to save the private key and click Next.
Click Finish.
The private key is exported as a .pfx file.
Now we need to import the certificate on our target server:
1-Open the MMC (Start > Run > MMC).
2-Go to File > Add / Remove Snap In
3-Double Click Certificates
4-Select Computer Account.
5-Select Local Computer > Finish
6-Click OK to exit the Snap-In window.
7-Navigate to Certificates > Personal > Certificates
8-Right click on Certificates and select All Tasks > Import
9-Click Next & Click Browse
10-Select the .pfx you would like to import. Click Open.
11-Click Next, enter the password, select Automatically select the certificate store based on the type of certificate, then click Finish & OK.
12-Then import the certificate into Trusted Root Certification Authorities > Certificates as well.
B- When you finish installing the certificate, make sure that the “WinRM” service is started and its Startup type is “Automatic”.
C- Then run the below command (Run as administrator)
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="server.fqdn";CertificateThumbprint="YOURCERTIFICATETHUMBPRINT"}
get the cert thumbprint from here
D- Run the below command (Run as administrator)
winrm quickconfig -transport:https
-To make sure that WinRM is listening on HTTPS, run the below command (Run as administrator)
winrm enumerate winrm/config/listener
Note the output message and make sure that it shows “Transport = HTTPS”.
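The following PowerShell script is an added example, not part of the original IBM document. It covers steps B and C and the listener check using cmdlets instead of the winrm command line: it looks up the imported certificate's thumbprint in Personal > Certificates, creates the HTTPS listener, and confirms the binding. `server.fqdn` is the page's placeholder, and requiring the Server Authentication EKU is an assumption of this example.

```powershell
#Requires -RunAsAdministrator
$Fqdn = 'server.fqdn'                  # placeholder from the page: use the target server's FQDN
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

# Step B: the WinRM service must be started with startup type Automatic.
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM

# Find the imported certificate in Personal > Certificates (Cert:\LocalMachine\My).
# Requiring the Server Authentication EKU is this example's choice of a strict filter.
$dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$now = Get-Date
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        $_.GetNameInfo($dnsName, $false) -eq $Fqdn -and
        $_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid
    } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) {
    throw "No certificate for $Fqdn with a private key, valid dates and Server Authentication EKU in LocalMachine\My."
}
Write-Output "Certificate thumbprint: $($cert.Thumbprint) (expires $($cert.NotAfter))"

# Step C: create the HTTPS listener unless one already exists.
$https = Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
    Where-Object { $_.Transport -eq 'HTTPS' }
if (-not $https) {
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
        -HostName $Fqdn -CertificateThumbPrint $cert.Thumbprint -Force | Out-Null
    $https = Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' }
}

# Verification: the listener must use HTTPS and be bound to the certificate chosen above.
foreach ($listener in $https) {
    $bound = $listener.CertificateThumbprint -replace '\s', ''
    if ($bound -ne $cert.Thumbprint) {
        Write-Warning "HTTPS listener is bound to $bound, not $($cert.Thumbprint)."
    }
    Write-Output "Listener: Transport=$($listener.Transport) Port=$($listener.Port) Hostname=$($listener.Hostname)"
}

# End-to-end check over TLS; fails if the name or trust chain does not validate.
Test-WSMan -ComputerName $Fqdn -UseSSL
```

A warning from the verification loop means an older HTTPS listener is still bound to a previous certificate and needs to be updated before clients will see the new one.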
Now, for the second part, we should configure “PowerShell remoting”:
Run the below command in a PowerShell console and select the appropriate choice according to the needs of your work environment
Enable-PSRemoting
Also, you can use this command to configure the server to receive remote commands without a confirmation prompt
Enable-PSRemoting -Force
To test that you have enabled PowerShell remoting correctly, enter this command from another server
Enter-PSSession -ComputerName <hostname>
This will open an interactive session with the remote server which will allow you to enter PowerShell commands to be executed on the remote machine.
Additional Information
Search on the following for additional information.
How to configure WINRM for HTTPS
Enable-PSRemoting
Document Location
Worldwide
Document Information
More support for:
Microsoft Windows
Component:
Windows
Software version:
All Versions
Document number:
7179009
Modified date:
16 December 2024
UID
ibm17179009