Cloudbase Solutions Wiki

User Tools

Site Tools

Trace:
juju-manual

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
juju-manual [2016/12/08 19:28]
sgiulitti [Manually adding the Client certs on the target windows machine] 		juju-manual [2016/12/08 21:52] (current)
Line 80: Line 80:
 winrm quickconfig winrm quickconfig
 # this will let us use the http listener with password auth # this will let us use the http listener with password auth
-winrm set winrm/config/service '@{AllowUnencrypted="true"}' +winrm set winrm/config/service '@{AllowUnencrypted="true"}' 
 + 
 +# make sure this settings are set like this. 
 +winrm set winrm/config/client '@{TrustedHosts="*"}' 
 +winrm set winrm/config/client/auth '@{Basic="true"}' 
 +winrm set winrm/config/client/auth '@{Certificate="true"}' 
 +winrm set winrm/config/service/auth '@{Basic="true"}' 
 +winrm set winrm/config/service/auth '@{Certificate="true"}' 
 +winrm set winrm/config/service '@{AllowRemoteAccess="true"}'
  
 </code> </code>
Line 107: Line 115:
 C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out winrmcacert.pfx -inkey winrmcacert.key -in winrmcacert.cer -name "maas-win2k12r2" -passout pass: C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out winrmcacert.pfx -inkey winrmcacert.key -in winrmcacert.cer -name "maas-win2k12r2" -passout pass:
 Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\My Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\My
 +############################################################################################
 +# THIS IS ONLY IF YOU WANT TO TEST THE CA VERIFICATION ON THE HOST WITH Enter-PSSession cmd
 Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\Root Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\Root
 +############################################################################################
 +winrm set winrm/config/service/auth '@{Certificate="true"}'
 +winrm set winrm/config/client/auth '@{Certificate="true"}'
 winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="maas-win2k12r2";CertificateThumbprint="THUMBPRINT"}' winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="maas-win2k12r2";CertificateThumbprint="THUMBPRINT"}'
 netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986 netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=5986
Line 181: Line 194:
  
 # test client connection with client cert auth and skip the CA verification and CN check # test client connection with client cert auth and skip the CA verification and CN check
-$opt = $SessionOptions = New-PSSessionOption –SkipCACheck –SkipCNCheck –SkipRevocationCheck+$opt = New-PSSessionOption –SkipCACheck –SkipCNCheck –SkipRevocationCheck
 Enter-PSSession -ComputerName $env:COMPUTERNAME -CertificateThumbprint $thumbprint -Authentication Default -SessionOption $opt Enter-PSSession -ComputerName $env:COMPUTERNAME -CertificateThumbprint $thumbprint -Authentication Default -SessionOption $opt
  
  
 # Remove Client mapping (in case you want to remove it) # Remove Client mapping (in case you want to remove it)
 +# THIS WILL REMOVE ALL CLIENT CERTITIFACTES IN WSMAN
 Remove-Item -Path WSMan:\localhost\ClientCertificate\ClientCertificate_* -Recurse -force | Out-null Remove-Item -Path WSMan:\localhost\ClientCertificate\ClientCertificate_* -Recurse -force | Out-null
 </code> </code>
juju-manual.1481218082.txt.gz · Last modified: 2016/12/08 19:28 by sgiulitti

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki