WinRM HTTPS using auto-generated self-signed RDP certificate (AWS)

We have the certificate, which AWS gives us the fingerprint of in the
console output.
I’ve manually copied it into place with the GUI and have had it work fine.
I’m still having trouble getting the certificate from the “Remote
Desktop” store into the right place in an automated fashion without
the GUI.
Any thoughts?


PS C:\> hostname
ip-0A71462E
PS C:\> dir "cert:\localmachine\Remote Desktop"


    Directory: Microsoft.PowerShell.Security\Certificate::localmachine\Remote Desktop


Thumbprint                                Subject
----------                                -------
18315D1A11CA40F46A5EC777012986055095BB75  CN=ip-0A71462E


PS C:\> winrm quickconfig -transport:https
WinRM service is already running on this machine.
WSManFault
    Message
        ProviderFault
            WSManFault
                Message = Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.

Error number:  -2144108267 0x80338115
Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.

Too bad the obvious solution didn’t work :slight_smile:

PS C:\> copy-item "cert:\localmachine\Remote Desktop\18315D1A11CA40F46A5EC777012986055095BB75" "cert:\localmachine\My"
copy-item : Provider operation stopped because the provider does not support this operation.
At line:1 char:1
+ copy-item "cert:\localmachine\Remote Desktop\18315D1A11CA40F46A5EC77701298605509 …
    + CategoryInfo          : NotImplemented: (:) [Copy-Item], PSNotSupportedException
    + FullyQualifiedErrorId : NotSupported,Microsoft.PowerShell.Commands.CopyItemCommand
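
One way to script the copy that Copy-Item refuses, using the .NET X509Store class instead of the cert: provider. This is an added example, not part of the original post. It reuses the thumbprint and store names shown above, and it assumes an elevated session and that WinRM accepts a self-signed certificate when the listener is created explicitly by thumbprint rather than through quickconfig.

```powershell
# Added example, not from the original post. Run in an elevated session on the instance.
$thumb = '18315D1A11CA40F46A5EC777012986055095BB75'   # thumbprint from the listing in the post
$lm    = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$src   = New-Object System.Security.Cryptography.X509Certificates.X509Store('Remote Desktop', $lm)
$dst   = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', $lm)

try {
    $src.Open('ReadOnly')
    $cert = $src.Certificates | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    if (-not $cert) { throw "Thumbprint $thumb not found in the 'Remote Desktop' store." }

    # Report the properties the WinRM error message names before changing anything.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $now = Get-Date
    $checks = [ordered]@{
        # Assumes the CN is the short computer name, as in the post (CN=ip-0A71462E).
        CnMatchesHost  = $cert.GetNameInfo('SimpleName', $false) -eq $env:COMPUTERNAME
        ServerAuthEku  = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
        WithinValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        HasPrivateKey  = $cert.HasPrivateKey
        SelfSigned     = $cert.Subject -eq $cert.Issuer   # informational only
    }
    $checks.GetEnumerator() | ForEach-Object { '{0,-15} {1}' -f $_.Key, $_.Value }

    if (-not ($checks.CnMatchesHost -and $checks.ServerAuthEku -and
              $checks.WithinValidity -and $checks.HasPrivateKey)) {
        throw 'Certificate does not meet the requirements listed in the WinRM error; not copying.'
    }

    # Add the same certificate to LocalMachine\My; the original stays in 'Remote Desktop'.
    $dst.Open('ReadWrite')
    $dst.Add($cert)

    # quickconfig rejects self-signed certificates, so bind the listener by thumbprint.
    New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
        -CertificateThumbPrint $thumb -Force
    Get-ChildItem WSMan:\localhost\Listener
}
finally {
    $src.Close()
    $dst.Close()
}
```

Because the certificate is self-signed, clients cannot validate it through a CA chain. Compare the thumbprint the client sees with the fingerprint AWS prints in the console output instead of turning certificate checking off.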