User Tools

Site Tools


juju-manual

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
juju-manual [2016/12/08 19:31]
sgiulitti [Manually adding the Client certs on the target windows machine]
juju-manual [2016/12/08 21:52]
sgiulitti
Line 80: Line 80:
 winrm quickconfig winrm quickconfig
 # this will let us use the http listener with password auth # this will let us use the http listener with password auth
-winrm set winrm/config/service '@{AllowUnencrypted="true"}' +winrm set winrm/config/service '@{AllowUnencrypted="true"}' 
 + 
 +# make sure this settings are set like this. 
 +winrm set winrm/config/client '@{TrustedHosts="*"}' 
 +winrm set winrm/config/client/auth '@{Basic="true"}' 
 +winrm set winrm/config/client/auth '@{Certificate="true"}' 
 +winrm set winrm/config/service/auth '@{Basic="true"}' 
 +winrm set winrm/config/service/auth '@{Certificate="true"}' 
 +winrm set winrm/config/service '@{AllowRemoteAccess="true"}'
  
 </code> </code>
Line 107: Line 115:
 C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out winrmcacert.pfx -inkey winrmcacert.key -in winrmcacert.cer -name "maas-win2k12r2" -passout pass: C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out winrmcacert.pfx -inkey winrmcacert.key -in winrmcacert.cer -name "maas-win2k12r2" -passout pass:
 Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\My Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\My
 +############################################################################################
 +# THIS IS ONLY IF YOU WANT TO TEST THE CA VERIFICATION ON THE HOST WITH Enter-PSSession cmd
 Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\Root Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\Root
 +############################################################################################
 winrm set winrm/config/service/auth '@{Certificate="true"}' winrm set winrm/config/service/auth '@{Certificate="true"}'
 winrm set winrm/config/client/auth '@{Certificate="true"}' winrm set winrm/config/client/auth '@{Certificate="true"}'
Line 188: Line 199:
  
 # Remove Client mapping (in case you want to remove it) # Remove Client mapping (in case you want to remove it)
-# THIS WILL REMOVE ALL CLIENTCERTITIFACTES IN WSMAN+# THIS WILL REMOVE ALL CLIENT CERTITIFACTES IN WSMAN
 Remove-Item -Path WSMan:\localhost\ClientCertificate\ClientCertificate_* -Recurse -force | Out-null Remove-Item -Path WSMan:\localhost\ClientCertificate\ClientCertificate_* -Recurse -force | Out-null
 </code> </code>
juju-manual.txt · Last modified: 2016/12/08 21:52 (external edit)