Olek Blog
# WinRM over HTTPS (PowerShell Script)

## Generate a certificate for the HTTPS connection

```
# Create a self-signed certificate in the machine store (replace "hostname")
$winrmCertificate = New-SelfSignedCertificate -Subject "CN=hostname" -CertStoreLocation "cert:\LocalMachine\My" -KeyAlgorithm RSA -KeyLength 4096 -KeyExportPolicy Exportable -NotAfter (Get-Date).AddYears(10)
# Export the public certificate for use by clients
Export-Certificate -Cert $winrmCertificate -FilePath 'E:\winrmPublic.cer'
# List the existing listeners, remove them, then list again to confirm
Get-ChildItem WSMan:\Localhost\listener\
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
Get-ChildItem WSMan:\Localhost\listener\
# Create the HTTPS listener bound to the new certificate
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -Force -CertificateThumbPrint $winrmCertificate.Thumbprint
```

- `hostname`: the server's hostname
- `-FilePath`: the path to which the public certificate is exported, for use by the client

## Open the port on the server

```
New-NetFirewallRule -DisplayName "Allow_winrm_https" -Name "Windows Remote Management (HTTPS-In)" -Profile Any -LocalPort 5986 -RemoteAddress Any -Protocol TCP
```

## Import the certificate on the client

```
Import-Certificate -Filepath 'd:\winrmPublic.cer' -CertStoreLocation "Cert:\LocalMachine\root"
```

- `-Filepath`: the path to the certificate

## Notes

The account the client connects with must have Administrator privileges.

Add the user to the Administrators group (on the target machine):

```
net localgroup Administrators "DOMAIN\UserName" /add
```

Allow remote connections on the server:

```
Enable-PSRemoting -Force
```

Some helper commands:

```
winrm quickconfig
winrm e winrm/config/listener
winrm get winrm/config/service/auth
winrm get winrm/config/service
winrm get winrm/config
```
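To check the result of the steps above on the server, the following added example (not part of the original post) audits every WinRM listener: it flags a leftover HTTP listener and, for each HTTPS listener, verifies that the bound certificate exists in `LocalMachine\My`, has a private key, is not close to expiry, carries the expected CN, and allows Server Authentication. The function name `Test-WinRmHttpsListener` and its parameters are hypothetical; it assumes an elevated session with the WinRM service running.

```powershell
# Added example: audit the WinRM listeners on the local server (run elevated).
function Test-WinRmHttpsListener {
    [CmdletBinding()]
    param(
        # Name clients connect to; assumed to equal the CN chosen for the certificate.
        [string]$ExpectedName = $env:COMPUTERNAME,
        # Flag certificates that expire within this many days.
        [int]$WarnDays = 30
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $listeners = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate)

    foreach ($l in $listeners) {
        $issues = @()
        if ($l.Transport -ne 'HTTPS') {
            # The procedure removes the old listeners; a remaining HTTP one is flagged.
            $issues += 'plain HTTP listener still present'
        }
        else {
            # Thumbprints are sometimes stored with spaces; normalise before lookup.
            $thumb = ($l.CertificateThumbprint -replace '\s', '').ToUpper()
            $cert  = if ($thumb) { Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue }
            if (-not $cert) {
                $issues += "certificate '$thumb' not found in LocalMachine\My"
            }
            else {
                $ekus = $cert.Extensions |
                    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                    ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
                $cn = $cert.GetNameInfo('SimpleName', $false)
                if (-not $cert.HasPrivateKey) { $issues += 'no private key' }
                if ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) { $issues += "expires $($cert.NotAfter)" }
                if ($cn -ne $ExpectedName) { $issues += "CN '$cn' does not match '$ExpectedName'" }
                # A certificate without an EKU extension is valid for all purposes.
                if ($ekus -and $ekus -notcontains $serverAuthOid) { $issues += 'EKU lacks Server Authentication' }
            }
        }
        [pscustomobject]@{
            Transport = $l.Transport
            Address   = $l.Address
            Port      = $l.Port
            Issues    = if ($issues) { $issues -join '; ' } else { 'none' }
        }
    }
}

Test-WinRmHttpsListener | Format-Table -AutoSize
```

From a client that has imported the certificate, `Test-WSMan -ComputerName hostname -UseSSL` confirms that the listener answers and that the certificate is trusted.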