By default, Windows remoting requests are unencrypted. An HTTPS listener can be created to support encryption. Before attempting to create an HTTPS listener, a certificate is required.
Using a self-signed certificate is often the first step when configuring SSL. Windows 10 comes with a PKI module that can be used to create a certificate. The PKI module is only available in Windows PowerShell. In the following example, a self-signed certificate is created in the computer's personal store:
PS> New-SelfSignedCertificate -DnsName $env:COMPUTERNAME
   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\MY

Thumbprint                                Subject
----------                                -------
D8D2F174EE1C37F7C2021C9B7EB6FEE3CB1B9A41  CN=SSLTEST
Once the certificate has been created, an HTTPS listener may be created using the WSMan drive:
$params = @{
    Path                  = 'WSMan:\localhost\Listener'
    Address               = '*'
    Transport             = 'HTTPS'
    CertificateThumbprint = 'D8D2F174EE1C37F7C2021C9B7EB6FEE3CB1B9A41'
    Force                 = $true
}
New-Item @params
The Force parameter is used to suppress a confirmation prompt.
If Windows Firewall is running, a new rule must also be created to allow the connection:
$params = @{
    DisplayName = $name = 'Windows Remote Management (HTTPS-In)'
    Name        = $name
    Profile     = 'Any'
    LocalPort   = 5986
    Protocol    = 'TCP'
}
New-NetFirewallRule @params
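The following is an added example, not code from the original text, that audits the result of the three steps above: it checks that the HTTPS listener is bound to a usable certificate and that the firewall rule is enabled, then exports the public certificate so that a client can trust it instead of skipping certificate checks. The function name Test-HttpsListener and the export file name are assumptions made for the example.

```powershell
# Added example (not from the original text). Run elevated on the server.
function Test-HttpsListener {    # hypothetical helper name
    param(
        [string]$DnsName  = $env:COMPUTERNAME,   # name clients will connect to
        [string]$RuleName = 'Windows Remote Management (HTTPS-In)'
    )
    $listener = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Where-Object Transport -eq 'HTTPS' | Select-Object -First 1
    if (-not $listener) { throw 'No HTTPS listener is configured.' }

    # The stored thumbprint may contain spaces or lower-case characters.
    $thumbprint = ($listener.CertificateThumbprint -replace '\s').ToUpper()
    if (-not $thumbprint) { throw 'The HTTPS listener has no certificate thumbprint.' }
    $cert = Get-Item "Cert:\LocalMachine\My\$thumbprint" -ErrorAction SilentlyContinue
    $rule = Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue
    $now  = Get-Date

    [PSCustomObject]@{
        Port            = $listener.Port
        Thumbprint      = $thumbprint
        CertInStore     = [bool]$cert
        # WinRM cannot complete a TLS handshake without the private key.
        HasPrivateKey   = [bool]$cert.HasPrivateKey
        InValidityRange = [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        # Clients reject the certificate if the name they connect to is not in it.
        NameMatches     = $cert.DnsNameList.Unicode -contains $DnsName
        # 1.3.6.1.5.5.7.3.1 is the Server Authentication enhanced key usage.
        ServerAuthEku   = $cert.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1'
        FirewallEnabled = $rule.Enabled -eq 'True'
    }
}

$report = Test-HttpsListener
$report | Format-List
$failed = $report.PSObject.Properties | Where-Object { $_.Value -is [bool] -and -not $_.Value }
if ($failed) {
    Write-Warning "Failed checks: $($failed.Name -join ', ')"
} else {
    # Export the public certificate only (no private key); the file name is constructed.
    Get-Item "Cert:\LocalMachine\My\$($report.Thumbprint)" |
        Export-Certificate -FilePath "$env:TEMP\winrm-https.cer" | Out-Null
}
# On the client, after copying the .cer file (elevated):
#   Import-Certificate -FilePath .\winrm-https.cer -CertStoreLocation Cert:\LocalMachine\Root
#   Test-WSMan -ComputerName SSLTEST -UseSSL
```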