How to connect with PSSession using for Auth a Certificate ThumbPrint?

Question

I am on a Windows Server 2012 R2 Machine (machine 1) and I want to connect with PSSession to another one (machine 2). For authentication I want to use a CertificateThumbprint (Is this possible?). The certificate is deposited on machine 2. To do that I use the following command:

New-PSSession -Computername 172.16.17.51 -CertificateThumbprint cd4eeae600ac7f452dfsflg32fs3r4

But I get a error that he cant find the certificate. Which certificate I have to use? Or did I need another command?

Thanks in advance

Answer 1

You will need the Certificate to be stored on Machine 1 as well as Machine 2. As when you try and connect the script will be looking in the local certificate store not that of the machine your connecting to.

When you install the certificate make sure you check the thumbprint again as this might change between machines.

I would put the cert into the local machine store under 'Trusted Root Cert Authorities' and 'Personal', once done you can get the thumbprint with the following command dir Cert:\LocalMachine\My\

For this to work you will have to enable Certificate authentication for winrm, and then add the cert to winrm certMapping table. If I can remember correctly to do this you will need to set up a https listener for your cert on the machine your connecting to. You may also need the parameter -useSSL on New-PSSession.

winrm create winrm/config/Listener?Address=IP:<Enter your IP Address Here>+Transport=HTTPS @{Hostname="<FQDN as it appears in the certifcate>";CertificateThumbprint="<Hexidecimal thumbprint certificate>"}