Thanks for the detailed dive into SSL/PKC setup for PowerShell Remoting! I appreciate the effort of demonstrating all the different errors you can expect, and the why and how for resolving them.
You probably explained this and I missed it, but the Export-Certificate cmdlet exports the public key, and not the private key. So when importing the cert on the client-side Windows Certificate Store, that .CER file isn’t particularly sensitive - it should have the same information in it you would get when trying to connect to the RED server, or for example connecting to any web server over HTTPS. By importing the .CER file into the psremoting client cert store’s trusted root list, it’s simply saying “yeah I know about that certificate and it’s trustworthy”.
If you ever need to export a cert with the private key, I think Export-PfxCertificate will do it. Generally unless you specify a password when exporting, you can be relatively sure the private key isn’t being exported.
Thanks again for the excellent guide!! I’ll probably be referencing it a few times :)
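A way to check the point made in the comment above before handing a certificate file to a client, as an added example that is not from the commenter or the guide's author. The subject name, file paths and the function name `Test-CertFileHasPrivateKey` are assumptions made for a throwaway lab certificate.

```powershell
# Added example: constructed lab certificate, hypothetical names and paths.
$ErrorActionPreference = 'Stop'
$workDir = Join-Path $env:TEMP 'cert-export-demo'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Throwaway self-signed certificate in the current user's store.
$cert = New-SelfSignedCertificate -DnsName 'demo.lab.example' `
    -CertStoreLocation 'Cert:\CurrentUser\My'

$cerPath = Join-Path $workDir 'demo.cer'
$pfxPath = Join-Path $workDir 'demo.pfx'
$pfxPass = Read-Host -AsSecureString -Prompt 'Password for the demo PFX'

# Export-Certificate writes the certificate only (no private key).
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
# Export-PfxCertificate writes certificate plus private key, protected by the password.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPass | Out-Null

function Test-CertFileHasPrivateKey {
    # Loads a certificate file and reports whether it carries a private key.
    param(
        [Parameter(Mandatory)][string]$Path,
        [securestring]$Password
    )
    $x509 = if ($Password) {
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path, $Password)
    } else {
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    }
    try { $x509.HasPrivateKey } finally { $x509.Dispose() }
}

# Report what each exported file actually contains.
[pscustomobject]@{
    File          = $cerPath
    HasPrivateKey = Test-CertFileHasPrivateKey -Path $cerPath
}
[pscustomobject]@{
    File          = $pfxPath
    HasPrivateKey = Test-CertFileHasPrivateKey -Path $pfxPath -Password $pfxPass
}

# Clean up the lab certificate, its key and the exported files.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
Remove-Item -Path $workDir -Recurse -Force
```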
Quite right, Export-PfxCertificate would be the option, if you wanted to only export the public key.
To be honest I recreate the lab fresh most times including the CA so never really cared about the private key ;)
And should really use a PKI if you do, as tracking certificate expiry is also important, I seem to remember saying that in every video :)
Hello, on a remote server (2019) I have created a user called "svc_test", and I gave him admin permission. Now I want to connect to this user via CBA.
I enabled WinRM HTTPS (one certificate issued from CA) and the connection is working. However, I'm struggling with connecting to the user via cert (I don't want to store credentials in my code, I just want to use the certificate thumbprint). Some guidance would be appreciated.