If required, you can configure SSL/TLS certificates to encrypt the data flow between the
Windows servers and BlueCat Overlay for Microsoft.
- Verify whether WinRM is listening on HTTPS using the following command:
  winrm e winrm/config/listener
- You can also execute the following commands in the PowerShell prompt to automate the HTTPS configuration:
  - Retrieve the FQDN of the Windows Server:
    $fqdn = (Get-WmiObject win32_computersystem).DNSHostName+"."+(Get-WmiObject win32_computersystem).Domain
  - Create a new Self-Signed Certificate. You can also use a certificate signed by an external CA. You must save it under Trusted Root CA for WinRM:
    $cert = (New-SelfSignedCertificate -DnsName $fqdn -CertStoreLocation Cert:\LocalMachine\My).Thumbprint
  - Create a command to enable the HTTPS Listener using the FQDN and the HTTPS certificate thumbprint from the previous commands:
    $winrmcmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$fqdn`"; CertificateThumbprint=`"$cert`"}'"
  - Create the HTTPS Listener using WinRM:
    Invoke-Expression $winrmcmd
  - Validate that the HTTPS Listener is configured and running.
    Listener
        Address = *
        Transport = HTTPS
        Port = 5986
        Hostname = dc1.contoso.com
        Enabled = true
        URLPrefix = wsman
        CertificateThumbprint = a0599c5b28519c90f185ccecdb418cb71ad72f8e
        ListeningOn = 10.244.133.31, 127.0.0.1, 192.168.103.10, ::1, fd79:c344:4793:6fc9:9105:1c3f:a785:f25d, fe80::5efe:10.244.133.31%16, fe80::5efe:192.168.103.10%15, fe80::3492:b293:a8e3:96%14, fe80::9105:1c3f:a785:f25d%12
Note: You must also add a firewall rule to the Windows firewall to allow SSL
traffic. For more information, refer to https://cloudblogs.microsoft.com/industry-blog/en-gb/technetuk/2016/02/11/configuring-winrm-over-https-to-enable-powershell-remoting/
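
The validation step and the firewall note above can be checked together from an elevated PowerShell prompt on the Windows server. The following is an added example, not part of the original procedure or the product; the function name Test-WinRmHttpsListener and the result field names are hypothetical, and port 5986 is taken from the sample listener output.

```powershell
# Added example (hypothetical helper): verifies the WinRM HTTPS listener,
# its certificate, the inbound firewall rule, and a local TLS connection.
function Test-WinRmHttpsListener {
    param([int]$Port = 5986)

    $cs      = Get-WmiObject win32_computersystem
    $fqdn    = $cs.DNSHostName + "." + $cs.Domain
    $results = [ordered]@{ Fqdn = $fqdn }

    # 1. An enabled HTTPS listener exists on the expected port.
    $listener = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' -and $_.Enabled -eq 'true' -and $_.Port -eq $Port } |
        Select-Object -First 1
    $results['ListenerPresent'] = [bool]$listener

    # 2. The listener thumbprint resolves to a certificate that has a private key.
    $cert = $null
    if ($listener) {
        $thumb = $listener.CertificateThumbprint -replace '\s', ''
        $cert  = Get-Item "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
    }
    $results['CertFoundWithKey'] = [bool]($cert -and $cert.HasPrivateKey)

    # 3. The certificate is in its validity period, names this host, and lists
    #    the Server Authentication EKU (a certificate with no EKU extension at
    #    all reports False here even though it is valid for any purpose).
    $now = Get-Date
    $results['CertInValidity'] = [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
    $results['CertNamesHost']  = [bool]($cert -and ($cert.DnsNameList.Unicode -contains $fqdn))
    $results['CertServerAuth'] = [bool]($cert -and ($cert.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1'))

    # 4. An enabled inbound allow rule names the port explicitly
    #    (rules scoped to "Any" port are not counted).
    $fw = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains "$Port" }
    $results['FirewallAllowsPort'] = [bool]$fw

    # 5. End to end: this fails if the certificate chain is not trusted,
    #    for example a self-signed certificate missing from Trusted Root CA.
    try   { Test-WSMan -ComputerName $fqdn -Port $Port -UseSSL -ErrorAction Stop | Out-Null
            $results['TlsConnectionOk'] = $true }
    catch { $results['TlsConnectionOk'] = $false }

    [pscustomobject]$results
}

Test-WinRmHttpsListener | Format-List
```

Any field reported as False points to the step to revisit: the listener creation, the certificate store placement, or the firewall rule.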