

juju-manual

juju-manual [2016/12/08 19:22]
sgiulitti
juju-manual [2016/12/08 21:52] (current)
Line 80: Line 80:
 winrm quickconfig winrm quickconfig
 # this will let us use the http listener with password auth # this will let us use the http listener with password auth
-winrm set winrm/config/service '@{AllowUnencrypted="true"}' +winrm set winrm/config/service '@{AllowUnencrypted="true"}' 
 + 
 +# make sure this settings are set like this. 
 +winrm set winrm/config/client '@{TrustedHosts="*"}' 
 +winrm set winrm/config/client/auth '@{Basic="true"}' 
 +winrm set winrm/config/client/auth '@{Certificate="true"}' 
 +winrm set winrm/config/service/auth '@{Basic="true"}' 
 +winrm set winrm/config/service/auth '@{Certificate="true"}' 
 +winrm set winrm/config/service '@{AllowRemoteAccess="true"}'
  
 </code> </code>
Line 107: Line 115:
 C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out winrmcacert.pfx -inkey winrmcacert.key -in winrmcacert.cer -name "maas-win2k12r2" -passout pass: C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out winrmcacert.pfx -inkey winrmcacert.key -in winrmcacert.cer -name "maas-win2k12r2" -passout pass:
 Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\My Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\My
 +############################################################################################
 +# THIS IS ONLY IF YOU WANT TO TEST THE CA VERIFICATION ON THE HOST WITH Enter-PSSession cmd
 Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\Root Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\Root
 +############################################################################################
 +winrm set winrm/config/service/auth '@{Certificate="true"}'
 +winrm set winrm/config/client/auth '@{Certificate="true"}'
 winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="maas-win2k12r2";CertificateThumbprint="THUMBPRINT"}' winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="maas-win2k12r2";CertificateThumbprint="THUMBPRINT"}'
 netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986 netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986
Line 162: Line 175:
 $username = "Administrator" $username = "Administrator"
 $password = "Pa$$sword" $password = "Pa$$sword"
 +$pfx_password = "SomePfxPassword"
 $certThumb = "PASTE-HERE-CLIENT-CERT-THUMBPRINT" $certThumb = "PASTE-HERE-CLIENT-CERT-THUMBPRINT"
 $CN = "CN OF THE CLIENT CERT" $CN = "CN OF THE CLIENT CERT"
  
 $secure_password = ConvertTo-SecureString $password -AsPlainText -Force $secure_password = ConvertTo-SecureString $password -AsPlainText -Force
 +$pfx_secure_password = ConvertTo-SecureString $pfx_password -AsPlainText -Force
 +
 +Import-PfxCertificate -FilePath winrmclientcert.pfx -CertStoreLocation Cert:\LocalMachine\My -Passsword $pfx_secure_password
 +Import-PfxCertificate -FilePath winrmclientcert.pfx -CertStoreLocation Cert:\LocalMachine\Root -Passsword $pfx_secure_password
 +
 $cred = New-Object System.Management.Automation.PSCredential "$ENV:COMPUTERNAME\$username", $secure_password $cred = New-Object System.Management.Automation.PSCredential "$ENV:COMPUTERNAME\$username", $secure_password
  
Line 172: Line 191:
  
 # Test client connection with client cert auth without skipping the CA # Test client connection with client cert auth without skipping the CA
- 
 Test-WSMan -ComputerName $env:COMPUTERNAME -Authentication ClientCertificate -CertificateThumbprint $certThumb Test-WSMan -ComputerName $env:COMPUTERNAME -Authentication ClientCertificate -CertificateThumbprint $certThumb
 +
 +# test client connection with client cert auth and skip the CA verification and CN check
 +$opt = New-PSSessionOption –SkipCACheck –SkipCNCheck –SkipRevocationCheck
 +Enter-PSSession -ComputerName $env:COMPUTERNAME -CertificateThumbprint $thumbprint -Authentication Default -SessionOption $opt
 +
  
 # Remove Client mapping (in case you want to remove it) # Remove Client mapping (in case you want to remove it)
 +# THIS WILL REMOVE ALL CLIENT CERTITIFACTES IN WSMAN
 Remove-Item -Path WSMan:\localhost\ClientCertificate\ClientCertificate_* -Recurse -force | Out-null Remove-Item -Path WSMan:\localhost\ClientCertificate\ClientCertificate_* -Recurse -force | Out-null
 </code> </code>
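Review bot: In the Line 80 hunk the added settings enable Basic authentication on both service and client and set `TrustedHosts="*"` while `AllowUnencrypted="true"` stays in place, so on the HTTP listener the account password crosses the network only base64-encoded and the client will send it to any host it is pointed at. The added comment tells readers to make sure the settings look like this without saying they are meant for a lab bring-up. I would replace it with something like `# lab/bootstrap only: Basic over the HTTP listener exposes the password; once the HTTPS listener is created, set AllowUnencrypted="false", Basic="false" and list specific TrustedHosts`. Two smaller defects in the later hunks: `-Passsword` in the Line 162 hunk should be `-Password`, and the Line 172 hunk passes `$thumbprint` where the visible lines only define `$certThumb`.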
juju-manual.1481217764.txt.gz · Last modified: 2016/12/08 19:22 by sgiulitti