Configure WinRM with HTTPS

Ibrahim AbouElyazed

Issue

Detailed steps for configuring WinRM with HTTPS.

Environment

XLDeploy, Windows

Resolution

The steps below describe in more detail what needs to be done to make sure the HTTPS connection works.

On the target Windows host:

 1- Follow all the steps in set-up-winrm-in-xl-deploy-and-on-a-target-host to set up WinRM and generate a self-signed certificate.

 2- Then export the certificate by following the steps below (you can use any tool to export it; here I used the default Windows tool):

Run mmc.exe
Click the 'Console' menu and then click 'Add/Remove Snap-in'.
Click the 'Add' button, then choose the 'Certificates' snap-in and click on 'Add'.
Select 'Computer Account' then click 'Next'.
Select 'Local Computer' and then click 'OK'.
Click 'Close' and then click 'OK'.
Expand the menu for 'Certificates' and click on the 'Personal' folder.
Right click on the certificate that you want to export and select 'All tasks' → 'Export'.
A wizard will appear. Make sure you select 'No, do not export the private key', then select the format "Base-64 encoded X.509 (.CER)", and at the end specify the name and location where you want to save your certificate.

 3- Then copy your .cer file to the XLD Linux machine.

 

On XLD (in my case it is installed on a Linux server; you can apply the same steps on Windows):

 1- If you want to confirm that the certificate file is not corrupted, you can test it using either of the commands below:

openssl x509 -in /PATH/TO/CERT/testPcCert2.cer
or
keytool -printcert -file /PATH/TO/CERT/testPcCert2.cer

 2- Import the new certificate into the XLD keystore. In the example below, the new keystore is XLDTruststore.jks, the certificate is testPcCert2.cer and the alias is testPc:

cd XLD_HOME/conf
keytool -import -trustcacerts -alias testPc -keystore XLDTruststore.jks -file /PATH/TO/CERT/testPcCert2.cer

 3- To confirm that the certificate was imported successfully, list the keystore file and check the hostname there:

cd XLD_HOME/conf
keytool -list -v -keystore XLDTruststore.jks

 4- Update XLD_HOME/conf/xld-wrapper-linux.conf (or the Windows wrapper file if XLD runs on Windows) and add the lines below. Use the password you specified when creating the truststore in step 2 above:

wrapper.java.additional.X=-Djavax.net.ssl.trustStore=conf/XLDTruststore.jks
wrapper.java.additional.X+1=-Djavax.net.ssl.trustStorePassword=test123

X should be the next sequence number after the entries already present in xld-wrapper-linux.conf, for example:

wrapper.java.additional.1=-Xmx1024m
wrapper.java.additional.2=-Dlogback.configurationFile=conf/logback.xml
wrapper.java.additional.3=-Dderby.stream.error.file=log/derby.log
wrapper.java.additional.4=-Djavax.net.ssl.trustStore=conf/XLDTruststore.jks
wrapper.java.additional.5=-Djavax.net.ssl.trustStorePassword=test123

 5- When configuring the Windows host in XLD, enter the hostname that matches what is in the certificate, not the IP address.
Then update /etc/hosts on the XLD server, and on the jumpstation server if one is used, to map the hostname to the target machine's IP, for example:

192.168.0.30 test-PC 

After that you can check the connection with the XLD test connection control task.
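
Step 4 leaves the index X to be worked out by hand. The script below is an added example, not part of the original article or of XL Deploy: it finds the highest active wrapper.java.additional.N entry in the file and appends the two truststore options after it. The function names and the TRUSTSTORE_PASS environment variable are assumptions made for this example.

```bash
# Added example (not from the article): append the step 4 truststore options
# to a wrapper config at the next free wrapper.java.additional.N indexes.
# Function names and TRUSTSTORE_PASS are assumptions of this example.

# Print the highest active wrapper.java.additional index plus one (1 if none).
next_additional_index() {
    awk -F'[.=]' '
        /^[ \t]*wrapper\.java\.additional\.[0-9]+=/ { if ($4 + 0 > max) max = $4 + 0 }
        END { print max + 1 }
    ' "$1"
}

# add_truststore_options CONF TRUSTSTORE
# Reads the password from $TRUSTSTORE_PASS so it is not passed as an argument.
add_truststore_options() {
    conf=$1
    store=$2
    if [ -z "${TRUSTSTORE_PASS:-}" ]; then
        echo "TRUSTSTORE_PASS is not set" >&2
        return 1
    fi
    # Do not add a second, conflicting trustStore entry.
    if grep -Eq '^[[:space:]]*wrapper\.java\.additional\.[0-9]+=-Djavax\.net\.ssl\.trustStore=' "$conf"; then
        echo "trustStore is already configured in $conf" >&2
        return 2
    fi
    n=$(next_additional_index "$conf")
    # Make sure the new entries start on their own line.
    if [ -n "$(tail -c 1 "$conf")" ]; then
        echo >> "$conf"
    fi
    printf 'wrapper.java.additional.%d=-Djavax.net.ssl.trustStore=%s\n' "$n" "$store" >> "$conf"
    printf 'wrapper.java.additional.%d=-Djavax.net.ssl.trustStorePassword=%s\n' \
        "$((n + 1))" "$TRUSTSTORE_PASS" >> "$conf"
}

# Demo on a constructed sample (the three entries from the article's example).
demo_conf=$(mktemp)
printf '%s\n' \
    'wrapper.java.additional.1=-Xmx1024m' \
    'wrapper.java.additional.2=-Dlogback.configurationFile=conf/logback.xml' \
    'wrapper.java.additional.3=-Dderby.stream.error.file=log/derby.log' > "$demo_conf"
TRUSTSTORE_PASS=test123 add_truststore_options "$demo_conf" conf/XLDTruststore.jks
cat "$demo_conf"
rm -f "$demo_conf"
```

The wrapper file ends up holding the truststore password in clear text, so keep it readable only by the account that runs XLD.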

Cause

For security reasons, you may need to configure WinRM with HTTPS instead of plain HTTP.

Additional Information

Attached are xld-wrapper-linux.conf, which is an example of the configuration, and XLDTruststore.jks, which is the truststore file.

Tags

XLDeploy, WinRM
