Configure WinRM to Use HTTP

You can configure the WinRM host to enable communication through the HTTP protocol. 

 You must modify the WinRM configuration by running commands on the WinRM host machine. You can use the same machine as both the WinRM service and WinRM client.

  • Run the following command to set the default WinRM configuration values.

           c:\> winrm quickconfig

  • (Optional) Run the following command to check whether a listener is running, and verify the default ports.

           c:\> winrm e winrm/config/listener

  • Enable basic authentication on the WinRM service.

           a. Run the following command to check whether basic authentication is allowed.

               c:\> winrm get winrm/config

           b. Run the following command to enable basic authentication.

                c:\> winrm set winrm/config/service/auth @{Basic="true"}

  • Run the following command to allow transfer of unencrypted data on the WinRM service.

    c:\> winrm set winrm/config/service @{AllowUnencrypted="true"}

  •  Enable basic authentication on the WinRM client.

            a. Run the following command to check whether basic authentication is allowed.

                c:\> winrm get winrm/config

            b. Run the following command to enable basic authentication.

                 c:\> winrm set winrm/config/client/auth @{Basic="true"}

  • Run the following command to allow transfer of unencrypted data on the WinRM client.

    c:\> winrm set winrm/config/client @{AllowUnencrypted="true"}

  • If the WinRM host machine is in an external domain, run the following command to specify the trusted hosts.

          c:\> winrm set winrm/config/client @{TrustedHosts="host1, host2, host3"}

  • Run the following command to test the connection to the WinRM service.

           c:\> winrm identify -r:http://winrm_server:5985 -auth:basic -u:user_name -p:password -encoding:utf-8


Configure WinRM to Use HTTPS

 You can configure the WinRM host to enable communication through the HTTPS protocol.

The WinRM host requires a certificate so that it can communicate through the HTTPS protocol. You can either obtain a certificate or generate one. For example, you can generate a self-signed certificate by using the Certificate Creation tool (makecert.exe) that is part of the .NET Framework SDK.


Prerequisites

Verify that you can access the Microsoft Management Console (mmc.exe) on the WinRM host.

Procedure

  • Generate a self-signed certificate.

    The following command line contains example syntax for creating a certificate on the WinRM host by using makecert.exe.

           makecert.exe -r -pe -n "CN=host_name-3,O=organization_name" -e mm/dd/yyyy -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 certificate_name.cer

  • Add the generated certificate by using the Microsoft Management Console.

    a.  Run mmc.exe.

    b. Select File > Add/Remove Snap-in.
     
    c. From the list of available snap-ins, select Certificates and click Add.

    d. Select Computer account and click Next.

    e. Click Finish.

    f. Verify that the certificate is installed in Console Root > Certificates (Local Computer) > Personal > Certificates and Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
     
    If the certificate is not installed in the Trusted Root Certification Authorities and Personal folders, you must install it manually.

  • Create an HTTPS listener by using the correct thumbprint and host name.

    The following command line contains example syntax for creating an HTTPS listener.

    winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="host_name";CertificateThumbprint="certificate_thumbprint"}

  • Test the connection.

    The following command line contains example syntax for testing the connection.

           winrs -r:https://host_name:port_number -u:user_name -p:password hostname
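
The settings changed by the HTTP and HTTPS procedures above can be read back in one pass from the WSMan: drive in PowerShell. The script below is an added example, not part of the original documentation. It flags the combination of Basic authentication and AllowUnencrypted, where the password is only base64-encoded on the wire, and lists each listener's transport and port. The function names Get-WSManValue and Get-WinRMTransportReport are illustrative, and the script assumes an elevated PowerShell session on the WinRM host.

```powershell
# Added example: read back the WinRM settings that the HTTP and HTTPS procedures change.
# Run in an elevated PowerShell session on the WinRM host.
# Get-WSManValue and Get-WinRMTransportReport are illustrative names, not built-in cmdlets.

function Get-WSManValue([string]$Path) {
    # Value of one WSMan: provider leaf; booleans come back as the strings "true"/"false".
    (Get-Item -Path $Path -ErrorAction Stop).Value
}

function Get-WinRMTransportReport {
    $rows = @()
    foreach ($side in 'Service', 'Client') {
        $basic = (Get-WSManValue "WSMan:\localhost\$side\Auth\Basic") -eq 'true'
        $plain = (Get-WSManValue "WSMan:\localhost\$side\AllowUnencrypted") -eq 'true'
        # Basic sends the password base64-encoded; without encryption it is readable on the wire.
        $note = if ($basic -and $plain) { 'credentials readable on the wire over HTTP' } else { '' }
        $rows += [pscustomobject]@{
            Item  = "$side auth"
            Value = "Basic=$basic; AllowUnencrypted=$plain"
            Note  = $note
        }
    }

    $trusted = Get-WSManValue 'WSMan:\localhost\Client\TrustedHosts'
    $shown = if ($trusted) { $trusted } else { '(empty)' }
    $note = if ($trusted -eq '*') { 'client trusts every host' } else { '' }
    $rows += [pscustomobject]@{ Item = 'Client TrustedHosts'; Value = $shown; Note = $note }

    foreach ($listener in Get-ChildItem 'WSMan:\localhost\Listener') {
        # Each listener is a container whose leaves include Transport, Port and CertificateThumbprint.
        $p = @{}
        Get-ChildItem "WSMan:\localhost\Listener\$($listener.Name)" |
            ForEach-Object { $p[$_.Name] = $_.Value }
        $note = if ($p['Transport'] -eq 'HTTPS') { "thumbprint $($p['CertificateThumbprint'])" } else { 'no TLS' }
        $rows += [pscustomobject]@{
            Item  = "Listener $($p['Transport'])"
            Value = "port $($p['Port']); enabled=$($p['Enabled'])"
            Note  = $note
        }
    }
    $rows
}

Get-WinRMTransportReport | Format-Table -AutoSize
```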

 

 

