How to configure WinRM HTTPS using a certificate? (4327838)

Configuring WinRM HTTPS access on the target machine

A valid server authentication certificate must be installed on the target machine in order to enable HTTPS.

To enable HTTPS access:

1. Open a command prompt window on the target machine.
2. Issue the following command:

   winrm quickconfig -transport:https

   The above command enabled HTTPS access using the certificate installed on the host. 

   If you want to use a different certificate, you can create a new HTTPS listener and specify the certificate:

   winrm create winrm/config/listener?Address=*+Transport=HTTPS @{Hostname="<host>";CertificateThumbrint="<thumbprint>"}

   Where:

   • host is a fully qualified host name, as it appears in the certificate.
   • thumbprint is the certificate thumbprint, with spaces removed.

Add certificates to the Agent Manager's trust keystore

In environments where an in-house certificate granting authority (CA) is in use, the CA’s certificate must be added to the Agent Manager's truststore.

To add the certifficate:

1. Ensure that the Agent Manager is running.
2. Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/bin directory.
3. Issue the following command:

   fglam --add-certificate alias=/path/to/saved.ca.certificate