juju-manual [2016/12/08 19:15] sgiulitti |
juju-manual [2016/12/08 21:52] (current) |
||
---|---|---|---|
Line 70: | Line 70: | ||
First ,we need check if the windows machine has enabled all WinRM listeners. It's important because, in the provisioning process, the juju client directly communicate, | First ,we need check if the windows machine has enabled all WinRM listeners. It's important because, in the provisioning process, the juju client directly communicate, | ||
- | |||
- | ===== This is how would look if both listeners are enabled | ||
- | |||
- | {{: | ||
If not you will need to do the steps above. | If not you will need to do the steps above. | ||
Line 84: | Line 80: | ||
winrm quickconfig | winrm quickconfig | ||
# this will let us use the http listener with password auth | # this will let us use the http listener with password auth | ||
- | winrm set winrm/ | + | winrm set winrm/ |
+ | |||
+ | # make sure this settings are set like this. | ||
+ | winrm set winrm/ | ||
+ | winrm set winrm/ | ||
+ | winrm set winrm/ | ||
+ | winrm set winrm/ | ||
+ | winrm set winrm/ | ||
+ | winrm set winrm/ | ||
</ | </ | ||
Line 111: | Line 115: | ||
C: | C: | ||
Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert: | Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert: | ||
+ | ############################################################################################ | ||
+ | # THIS IS ONLY IF YOU WANT TO TEST THE CA VERIFICATION ON THE HOST WITH Enter-PSSession cmd | ||
Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert: | Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert: | ||
+ | ############################################################################################ | ||
+ | winrm set winrm/ | ||
+ | winrm set winrm/ | ||
winrm create winrm/ | winrm create winrm/ | ||
netsh advfirewall firewall add rule name=" | netsh advfirewall firewall add rule name=" | ||
Line 158: | Line 167: | ||
</ | </ | ||
+ | |||
+ | ======= Manually adding the Client certs on the target windows machine ====== | ||
+ | |||
+ | Pop up a powershell windows and type these lines with your own credentials in it. | ||
+ | |||
+ | <code powershell> | ||
+ | $username = " | ||
+ | $password = " | ||
+ | $pfx_password = " | ||
+ | $certThumb = " | ||
+ | $CN = "CN OF THE CLIENT CERT" | ||
+ | |||
+ | $secure_password = ConvertTo-SecureString $password -AsPlainText -Force | ||
+ | $pfx_secure_password = ConvertTo-SecureString $pfx_password -AsPlainText -Force | ||
+ | |||
+ | Import-PfxCertificate -FilePath winrmclientcert.pfx -CertStoreLocation Cert: | ||
+ | Import-PfxCertificate -FilePath winrmclientcert.pfx -CertStoreLocation Cert: | ||
+ | |||
+ | $cred = New-Object System.Management.Automation.PSCredential " | ||
+ | |||
+ | # CREATE WINRM CERT MAPPING | ||
+ | New-Item -Path WSMan: | ||
+ | |||
+ | # Test client connection with client cert auth without skipping the CA | ||
+ | Test-WSMan -ComputerName $env: | ||
+ | |||
+ | # test client connection with client cert auth and skip the CA verification and CN check | ||
+ | $opt = New-PSSessionOption –SkipCACheck –SkipCNCheck –SkipRevocationCheck | ||
+ | Enter-PSSession -ComputerName $env: | ||
+ | |||
+ | |||
+ | # Remove Client mapping (in case you want to remove it) | ||
+ | # THIS WILL REMOVE ALL CLIENT CERTITIFACTES IN WSMAN | ||
+ | Remove-Item -Path WSMan: | ||
+ | </ |
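Review bot: The account and PFX passwords in the new "Manually adding the Client certs" block are assigned as string literals (`$password`, `$pfx_password`) and then converted with `ConvertTo-SecureString ... -AsPlainText -Force`, which typically leaves both secrets in PowerShell command history and in any saved copy of the script. Prompting keeps them out of both, for example `$cred = Get-Credential` and `$pfx_secure_password = Read-Host -AsSecureString 'PFX password'`. The closing `Remove-Item -Path WSMan:...` line is live code at the end of a block readers are told to type in, and its own comment says it removes all client certificates in WSMan, so it would be safer commented out or moved to a separate code block. A one-line comment stating that `-SkipCACheck -SkipCNCheck -SkipRevocationCheck` turns off server certificate validation and is for troubleshooting only would keep readers from reusing that session option routinely. Several lines in this view are cut off after the first path segment, so the certificate store paths and the mapping arguments could not be checked.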