Article ID: 2019527 - View products that this article applies to.
By default WinRM uses Kerberos for authentication so Windows never sends the password to the system requesting validation... To get a list of your authentication settings type the following:
winrm get winrm/config
The purpose of configuring WinRM for HTTPS is to encrypt the data being sent across the wire.
WinRM HTTPS requires a local computer "Server Authentication" certificate with a CN matching the hostname, that is not expired, revoked, or self-signed to be installed.
To install or view certificates for the local computer:
- click Start, run, MMC, "File" menu, "Add or Remove Snap-ins" select "Certificates" and click "Add". Go through the wizard selecting "Computer account".
- Install or view the certificates under:
If you do not have a Sever Authenticating certificate consult your certicate administrator. If you have a microsoft Certificate server you may be abel to request a certificate using the web certificate template from HTTPS://<MyDomainCertificateServer>/certsrv
Once the certificate is installed type the following to configure WINRM to listen on HTTPS:
winrm quickconfig -transport:https
If you do not have an appropriate certificate you can run the following with the authentication methods configured for WinRM however the data will not be encrypted.
By default WinRM HTTP uses port 80. On Windows 7 and higher the default port is 5985.
To confirm WinRM is listening on HTTPS type the following:
winrm enumerate winrm/config/listener
To confirm a computer certificate has been installed use the Certificates MMC add-in or type the following:
Winrm get http://schemas.microsoft.com/wbem/wsman/1/config
If you get the following error message:
Error number: -2144108267 0x80338115
open the certificates MMC add-in and confirm the following attributes are correct:
If you have more than one local computer account server certificate installed confirm the CertificateThumbprint displayed by:
Winrm enumerate winrm/config/listener
is the same Thumbprint on the Details tab of the certificate.
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.
Article ID: 2019527 - Last Review: July 18, 2012 - Revision: 9.0