Further Reading: I wrote a follow-up article called Powershell Remoting where I look at what happens when the certificate renews or gets deleted. The outcome is not what you’d think!
If you are going to use the View PowerCLI cmdlets, enabling PowerShell Remoting makes them a whole lot more accessible; otherwise you have to remote onto a Connection Server and run the cmdlets from there. Below are some notes on getting WinRM set up to use HTTPS.
Once you have a Server Authentication certificate available on the machine, you can run the following to obtain its thumbprint:

    gci Cert:\LocalMachine\My

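We’ll assign the certificate's thumbprint to a variable:

    # Assumes the store holds a single certificate; with several, this returns an array of thumbprints.
    $thumbprint = (gci Cert:\LocalMachine\My).Thumbprint
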
(Note that the CN of the certificate must match the FQDN)
Assign the FQDN to a variable:

    $FQDN = "$ENV:ComputerName.$ENV:UserDNSDomain"

Run the following command to enable the WinRM listener using HTTPS:

    # Build the winrm command line, then execute it
    $cmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname=`"$FQDN`";CertificateThumbprint=`"$thumbprint`"}"
    Invoke-Expression -Command $cmd

You should now find that WinRM is enabled to work over HTTPS. You can check the listener by running the following:

    winrm enumerate winrm/config/listener

When using Invoke-Command, Invoke-Expression, etc., don’t forget to use the -UseSSL switch and specify the FQDN of the remote computer.
This was tested in an enterprise environment with an internal Certificate Authority.
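The steps above, gathered into one script as an added example (not the author's code). It selects a single certificate that has the Server Authentication EKU, a private key, a current validity period and a CN equal to the FQDN, rather than taking every thumbprint in the store. It also swaps the winrm command line for the WSMan: provider's New-Item, and it assumes an elevated session on a domain-joined machine.

```powershell
# Added example: pick one suitable certificate and bind it to an HTTPS listener.
$FQDN          = "$ENV:ComputerName.$ENV:UserDNSDomain"
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now           = Get-Date

# Keep only certificates that WinRM can actually use for this host name.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    $_.GetNameInfo('SimpleName', $false) -eq $FQDN -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
})

if ($candidates.Count -eq 0) {
    throw "No valid Server Authentication certificate with CN=$FQDN in LocalMachine\My."
}

# With several matches (for example after a renewal), prefer the one expiring last.
$cert       = $candidates | Sort-Object NotAfter -Descending | Select-Object -First 1
$thumbprint = $cert.Thumbprint

# Refuse to silently replace an existing HTTPS listener bound to another certificate.
$existing = Get-ChildItem WSMan:\localhost\Listener |
    Where-Object { $_.Keys -contains 'Transport=HTTPS' }
if ($existing) {
    throw "An HTTPS listener already exists: $($existing.Name). Review it before changing it."
}

# Create the listener (equivalent in effect to the winrm create command above).
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -HostName $FQDN -CertificateThumbPrint $thumbprint -Force | Out-Null

# Verify over TLS; this fails if the certificate name or trust chain is wrong.
Test-WSMan -ComputerName $FQDN -UseSSL
```

Test-WSMan validates the certificate name and chain from the calling machine, so running it from a second host is the stronger check.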