Remoting and SSL

By default, Windows remoting requests are unencrypted. An HTTPS listener can be created to support encryption. Before attempting to create an HTTPS listener, a certificate is required.

Using a self-signed certificate is often the first step when configuring SSL. Windows 10 comes with a PKI module that can be used to create a certificate. The PKI module is only available in Windows PowerShell. In the following example, a self-signed certificate is created in the computer's personal store:

PS> New-SelfSignedCertificate -DnsName $env:COMPUTERNAME

PSParentPath: Microsoft.PowerShell.SecurityCertificate::LocalMachineMY

Thumbprint                               Subject
----------                               -------
D8D2F174EE1C37F7C2021C9B7EB6FEE3CB1B9A41 CN=SSLTEST

Once the certificate has been created, an HTTPS listener may be created using the WSMan drive:

$params = @{
    Path                  = 'WSMan:localhostListener'
    Address               = '*'
    Transport             = 'HTTPS'
    CertificateThumbprint = 'D8D2F174EE1C37F7C2021C9B7EB6FEE3CB1B9A41'
    Force                 = $true
}
New-Item @params

The Force parameter is used to suppress a confirmation prompt.

If Windows Firewall is running, a new rule must also be created to allow the connection:

$params = @{
    DisplayName = $name = 'Windows Remote Management (HTTPS-In)'
    Name        = $name
    Profile     = 'Any'
    LocalPort   = 5986
    Protocol    = 'TCP'
}
New-NetFirewallRule @params
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.134.103.74