In environments where an in-house certificate granting authority (CA) is in use, the CA’s certificate must be added to the Agent Manager’s trust keystore. The Agent Manager then assumes that the authority, and any signed certificates it issues, are trusted.
To add a certificate to the keystore:
fglam --add-certificate alias=/path/to/certificate/file
If the import succeeds, the Agent Manager automatically recognizes and uses the certificate.
Note: For how to configure WinRM? Refer to "Manually configuring WinRM HTTP access" section in the Technical Documentation
Note: To make the WinRm connection be FIPS compliant, it requires to disable the DCOM, WinRm HTTP listener on the target host, only the WinRM HTTPs listener allowed.