[Openwsman-devel] Https connections

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[Openwsman-devel] Https connections

emil
Hello,
Sorry for shooting a simple question. I would like to enable https connection between Windows PC and my linux application which uses openwsman API. I found the following functions:
- wsman_transport_set_cainfo(cl, cainfo);
- wsman_transport_set_cert(cl, cert);
- wsman_transport_set_key(cl, sslkey);

Can somebody write me which one I should use and how I show configure the Windows machine, please?
Best regards
Reply | Threaded
Open this post in threaded view
|

Re: [Openwsman-devel] Https connections

emil
Hello,
I found very useful wiki site which describes how to create and install certificate for Windows Remote Management service:
https://github.com/Openwsman/openwsman/wiki/Https-with-winrm

Then follow this steps to have https communication between service and wsman terminal client:
1. Configure WinRm service on Windows machine.
2. Read thumbprint from from the Certificate (in MMC double-click on the desired certificate, then choose the Details tab in the Certificate property page and select the Thumbprint field).
3. Create HTTPS Listener Instance
winrm create winrm/config/Listener?Address=*+Transport=HTTPS  @{Hostname="G02PLXNNOW20231.g02.fujitsu.local";CertificateThumbprint="b8a584ad2e5852c6fcdfb0922a5795c0d8552435"}
where:
• IP is the TCP/IP address of the Listener system.
• Port is the TCP/IP port that the Listener is to listen to requests on.
• Hostname is the name of the system as it appears in the Certificate.
• CertificateThumbprint is the thumbprint copied from the Certificates MMC Snap-in from the previous section. Note that you must remove the spaces from between the two-digit hex values in the thumbprint as it appears in the Certificate dialog box.
To list listeners:
 winrm enumerate winrm/config/listener
4. Test connection from Linux machine:
$ wsman enumerate -h G02PLXNNOW20231.g02.fujitsu.local --port 5986 --cacert=hostname.pem --username wsman -p Opensm2. -d 6 --auth basic http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/Win32_PerfRawData_PerfOS_Memory
If you don't want to verify server certificate add -V option.