Steps

Steps to regenerate and import the new CA:

on your Windows CA server, to create a CSR:

1-Go to Start > Administrative Tools > Internet Information Services (IIS) Manager.

2-Select the server name from the left-side panel.

3-In the center panel, double-click Server Certificates.

4-In the Actions menu from the right-side, click Create Certificate Request.

5-In the Distinguished Name Properties window, complete the required fields:

please note: Common name – the target server fully qualified domain name (FQDN)

Click Next.

6-In the Cryptographic Service Provider Properties window, select the following:

Cryptographic service provider: Microsoft RSA SChannel

Bit length: 2048

Click Next.

7-In the File Name window, select the location for saving the CSR and enter a name.

Click Finish.

Your CSR is created as a .txt file.

Next, you need to obtain the private key associated to the CSR:

1-Open the Microsoft Management Console (mmc).

2-Go to File > Add/Remove Snap-in.

3-Double-click Certificates in the list of snap-ins.

4-Select Computer account and click Next.

5-Select Local computer and click Finish.

Click OK to populate the snap-in.

6-Go to Console Root > Certificates > Certificate Enrollment Requests.

7-Right-click the desired CSR and click All Tasks > Export.

8-In the Certificate Export Wizard, click Next.

Choose Yes, export the private key and click Next.

9-Select Personal Information Exchange – PKCS #12 and click Next.

10-Enter a password to protect your private key and click Next.

11-Choose where to save the private key and click Next.

Click Finish.

The private key is exported as a .pfx file.

Now we need to import the certificate in our target server

1-Open the MMC (Start > Run > MMC).

2-Go to File > Add / Remove Snap In

3-Double Click Certificates

4-Select Computer Account.

5-Select Local Computer > Finish

6-Click OK to exit the Snap-In window.

7-Navigate to to Certificates > Personal > Certificates

8-Right click on Certificates and select All Tasks > Import

9-Click Next & Click Browse

10-Select the .pfx you would like to import. Click Open.

11-Click Next, write password, Select Automatically select the certificate store based on the type of

Certificate, Click Finish & OK.

12-Then we need to import it in trusted root certificate\certificates

B- When you finish installing the certificate, make sure that “Winrm” service is started and

Startup type “Automatic”

C- then run the below command (Run as administrator)

winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="server.fqdn";CertificateThumbprint="YOURCERTIFICATETHUMPPRINT"}

get the cert thumbprint from here

D- Run the below command (Run as administrator)

winrm quickconfig -transport:https

-To make sure that WinRM is listening on HTTPS, run the below command (Run as

administrator)

winrm enumerate winrm/config/listener

note the output message and make sure that “Transport = HTTPS”

Now, for the second part, we should configure “PowerShell remoting”:

Run the below command in PowerShell console, please select the appropriate choice according to your needs in work environment

Enable-PSRemoting

Also, you can use this command to Configure the server to receive remote commands without a confirmation prompt

Enable-PSRemoting -Force

To test you have enabled PowerShell remoting correctly, from another server, you can enter this command

Enter-PSSession -ComputerName <hostname>

This will open an interactive session with the remote server which will allow you to enter PowerShell commands to be executed on the remote machine.