User Tools

Site Tools


juju-manual

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
juju-manual [2016/12/08 19:29]
sgiulitti [Step 2]
juju-manual [2016/12/08 21:52] (current)
Line 80: Line 80:
 winrm quickconfig winrm quickconfig
 # this will let us use the http listener with password auth # this will let us use the http listener with password auth
-winrm set winrm/config/service '@{AllowUnencrypted="true"}' +winrm set winrm/config/service '@{AllowUnencrypted="true"}' 
 + 
 +# make sure this settings are set like this. 
 +winrm set winrm/config/client '@{TrustedHosts="*"}' 
 +winrm set winrm/config/client/auth '@{Basic="true"}' 
 +winrm set winrm/config/client/auth '@{Certificate="true"}' 
 +winrm set winrm/config/service/auth '@{Basic="true"}' 
 +winrm set winrm/config/service/auth '@{Certificate="true"}' 
 +winrm set winrm/config/service '@{AllowRemoteAccess="true"}'
  
 </code> </code>
Line 107: Line 115:
 C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out winrmcacert.pfx -inkey winrmcacert.key -in winrmcacert.cer -name "maas-win2k12r2" -passout pass: C:\OpenSSL-Win64\bin\openssl.exe pkcs12 -export -out winrmcacert.pfx -inkey winrmcacert.key -in winrmcacert.cer -name "maas-win2k12r2" -passout pass:
 Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\My Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\My
 +############################################################################################
 +# THIS IS ONLY IF YOU WANT TO TEST THE CA VERIFICATION ON THE HOST WITH Enter-PSSession cmd
 Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\Root Import-PfxCertificate -FilePath .\winrmcacert.pfx -CertStoreLocation Cert:\LocalMachine\Root
 +############################################################################################
 winrm set winrm/config/service/auth '@{Certificate="true"}' winrm set winrm/config/service/auth '@{Certificate="true"}'
 winrm set winrm/config/client/auth '@{Certificate="true"}' winrm set winrm/config/client/auth '@{Certificate="true"}'
Line 183: Line 194:
  
 # test client connection with client cert auth and skip the CA verification and CN check # test client connection with client cert auth and skip the CA verification and CN check
-$opt = $SessionOptions = New-PSSessionOption –SkipCACheck –SkipCNCheck –SkipRevocationCheck+$opt = New-PSSessionOption –SkipCACheck –SkipCNCheck –SkipRevocationCheck
 Enter-PSSession -ComputerName $env:COMPUTERNAME -CertificateThumbprint $thumbprint -Authentication Default -SessionOption $opt Enter-PSSession -ComputerName $env:COMPUTERNAME -CertificateThumbprint $thumbprint -Authentication Default -SessionOption $opt
  
  
 # Remove Client mapping (in case you want to remove it) # Remove Client mapping (in case you want to remove it)
 +# THIS WILL REMOVE ALL CLIENT CERTITIFACTES IN WSMAN
 Remove-Item -Path WSMan:\localhost\ClientCertificate\ClientCertificate_* -Recurse -force | Out-null Remove-Item -Path WSMan:\localhost\ClientCertificate\ClientCertificate_* -Recurse -force | Out-null
 </code> </code>
juju-manual.1481218175.txt.gz · Last modified: 2016/12/08 19:29 (external edit)