(Optional) Configuring SSL/TLS certificates to encrypt data flow - Adaptive Applications - BlueCat Gateway - 22.7

BlueCat Overlay for Microsoft

If required, you can configure SSL/TLS certificates to encrypt the data flow between the Windows servers and BlueCat Overlay for Microsoft.
  • Verify whether WinRM is listening on HTTPS using the following command:
    winrm e winrm/config/listener
  • You can also execute the following commands in the PowerShell prompt to automate the HTTPS configuration:
    1. Retrieve the FQDN of the Windows Server:
      $fqdn = (Get-WmiObject win32_computersystem).DNSHostName+"."+(Get-WmiObject win32_computersystem).Domain
    2. Create a new self-signed certificate and keep its thumbprint. You can also use a certificate signed by an external CA. You must save it under Trusted Root CA for WinRM:
      $cert = (New-SelfSignedCertificate -DnsName $fqdn -CertStoreLocation Cert:\LocalMachine\My).Thumbprint
    3. Build the command that enables the HTTPS listener, using the FQDN and the certificate thumbprint from the previous commands:
      $winrmcmd = "winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname=`"$fqdn`"; CertificateThumbprint=`"$cert`"}'"
    4. Create the HTTPS listener using WinRM:
      Invoke-Expression $winrmcmd
    5. Validate that the HTTPS listener is configured and running. The output of winrm e winrm/config/listener should include an entry such as:
      Listener
          Address = *
          Transport = HTTPS
          Port = 5986
          Hostname = dc1.contoso.com
          Enabled = true
          URLPrefix = wsman
          CertificateThumbprint = a0599c5b28519c90f185ccecdb418cb71ad72f8e
          ListeningOn = 10.244.133.31, 127.0.0.1, 192.168.103.10, ::1, fd79:c344:4793:6fc9:9105:1c3f:a785:f25d, fe80::5efe:10.244.133.31%16, fe80::5efe:192.168.103.10%15, fe80::3492:b293:a8e3:96%14, fe80::9105:1c3f:a785:f25d%12
Note: You must also add a firewall rule to the Windows firewall to allow SSL traffic. For more information, refer to https://cloudblogs.microsoft.com/industry-blog/en-gb/technetuk/2016/02/11/configuring-winrm-over-https-to-enable-powershell-remoting/
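
The validation in step 5 and the firewall requirement in the note can be checked together with a read-only script. This is an added example, not BlueCat or Microsoft code: the function name Test-WinRmHttpsListener and the 30-day expiry threshold are assumptions, and it is meant to run in an elevated Windows PowerShell prompt on the Windows server.

```powershell
# Added example. Test-WinRmHttpsListener is a hypothetical helper name.
# Read-only: it changes no WinRM, certificate, or firewall settings.
function Test-WinRmHttpsListener {
    $cs = Get-WmiObject win32_computersystem
    $fqdn = $cs.DNSHostName + "." + $cs.Domain
    $findings = @()

    # Same data as "winrm e winrm/config/listener", returned as objects.
    $https = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' -and $_.Enabled -eq 'true' } |
        Select-Object -First 1
    if (-not $https) { return 'FAIL: no enabled HTTPS listener' }
    if ($https.Hostname -ne $fqdn) {
        $findings += "Listener Hostname '$($https.Hostname)' does not match '$fqdn'"
    }

    # The listener holds only a thumbprint; resolve it in the machine store.
    $thumb = $https.CertificateThumbprint -replace '\s', ''
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) {
        $findings += "Certificate $thumb not found in Cert:\LocalMachine\My"
    } else {
        if (-not $cert.HasPrivateKey) { $findings += 'Certificate has no private key' }
        # 30 days is an assumed warning threshold, not a value from the page.
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
            $findings += "Certificate expires on $($cert.NotAfter.ToString('u'))"
        }
        # Exact-name match only; wildcard certificates need a manual check.
        if ($cert.DnsNameList.Unicode -notcontains $fqdn) {
            $findings += "Certificate DNS names do not include '$fqdn'"
        }
        $eku = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
        if ($eku.Count -gt 0 -and $eku -notcontains '1.3.6.1.5.5.7.3.1') {
            $findings += 'Certificate EKU lacks Server Authentication'
        }
    }

    # Firewall: look for an enabled inbound allow rule naming the listener port.
    # Rules that cover the port through a range or "Any" are not detected here.
    $rule = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains $https.Port } | Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    if (-not $rule) { $findings += "No inbound allow rule for TCP $($https.Port)" }

    # Handshake test; fails if this machine does not trust the certificate's issuer.
    try { Test-WSMan -ComputerName $fqdn -Port $https.Port -UseSSL -ErrorAction Stop | Out-Null }
    catch { $findings += "Test-WSMan over SSL failed: $($_.Exception.Message)" }

    if ($findings) { $findings | ForEach-Object { "FAIL: $_" } } else { "OK: HTTPS listener on $fqdn" }
}
Test-WinRmHttpsListener
```

A Test-WSMan failure on a self-signed certificate usually means the certificate has not been added to the Trusted Root store of the machine making the connection, which is the requirement stated in step 2.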