证书

证书

关注
发信
关注(28)粉丝(399)

WinRm - 由于SSL证书不正确,无法在HTTPS上创建WinRM侦听器

本文介绍了WinRm - 由于SSL证书不正确,无法在HTTPS上创建WinRM侦听器的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想通过https传输使用WinRM。我已经购买了一个Comodo证书(错误声明我不能使用自签名证书),主题与我的Windows 10计算机(未加入域名)中的FQDN(系统中的完整计算机名称)匹配:

I want to use WinRM with https transport. I've bought a Comodo certificate (the error states I cannot use a self-signed certificate) with the Subject matching my FQDN (Full computer name in System) of my Windows 10 computer (not domain joined):

CN = my.domain.net 
OU = PositiveSSL 
OU = Domain Control Validated

尝试使用以下命令创建https监听器时:

When trying to create a https listener with the following command:

我收到错误消息:

我在几个商店(本地机器/个人和受信任的根证书颁发机构)中安装了(双击* .crt文件)证书,但WinRM无法创建https监听器。 http监听器工作正常。

I've installed (doubleclick the *.crt file) the certificate in several stores (local machine / personal and Trusted Root Certification Authorities) but WinRM fails to create the https listener. The http listener is working OK.

一些额外信息:使用certreq尝试安装 *。cer 证书,我收到错误:

Some extra info: When using certreq to try to install the *.cer certificate, I get the error:

如何让WinRM使用https?

How do I get WinRM working with https?

推荐答案

以下是我解决此问题的方法:

Here is how I solved this issue:


  • 使用DigiCert创建SSL CSR来自digicert.com的Windows证书实用程序

  • 使用generate CSR来申请证书。我使用了versio.nl,但我猜有很多CA在那里

  • 通过双击安装证书

  • 转到用户证书管理员

  • 右键单击证书(我应该在个人商店中)并将其导出
    - 按照向导确保导出私钥

  • 在本地计算机证书商店中安装新导出的证书(将密钥标记为可导出并包括所有扩展属性)

  • create a SSL CSR using DigiCert Certificate Utility for Windows from digicert.com
  • use the generate CSR to request a certificate. I used versio.nl but I'll guess there are a lot of CA's out there
  • Install the certificate by double clicking it
  • go to the certificate manager for user
  • rightclick the certificate (it should me in the personal store) and export it- follow the wizard and be sure to export the private key
  • install the newly exported certificate (mark the key as exportable and include all extended properties) in the local computer certificate store

使用管理员privilidges打开一个控制台(cmd)并输入:

Open an console (cmd) with administrator privilidges and type:

这对我有用。有些事情要检查它是否不起作用:

This worked for me. Some things to check if it is not working:


  1. 证书仍然有效(检查日期范围)

  2. 检查证书属性Subject是否具有包含计算机FQDN的CN值

  3. 检查是否安装了侦听器(winrm e winrm / config / listener)

我花了很多时间来解决这个问题。我希望它会帮助你们中的一些人。

I took me a lot of hours to figure this out. I hope it will help some of you out there.

这篇关于WinRm - 由于SSL证书不正确,无法在HTTPS上创建WinRM侦听器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-31 11:03
Powered by LMLPHP ©2024 证书 0.004055