
I have created an SSL Server Authentication certificate with a CN matching the server's hostname. However, using winrm qc -transport:https fails with the following error:

Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.

If I specify the hostname and certificate thumbprint when using winrm qc, an https listener is created as expected.

The certificate is located in Certificates (Local Computer) > Personal > Certificates and Issued To: on the certificate matches the server's fully qualified hostname. The certificate is being signed by our internal CA (Windows Server 2008 AC Certificate Servers) and the root cert is installed on the server. Certificate properties show it's trusted.

Any ideas why winrm qc -transport:https would not be correctly using the certificate to configure an https listener?

Jon Moore
  • What happens when you try the long form: http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-79-57-metablogapi/1856.image62_5F00_7C24A177.png – Ryan Ries May 05 '15 at 14:05
  • @RyanRies using the long form works as expected. The HTTPS listener is created successfully. – Jon Moore May 05 '15 at 14:10

1 Answer


Try the slightly less quick way:

winrm config

Ryan Ries
  • Yes, this does work. However, my goal is to use quickconfig and not have to specify a certificate in this manner. – Jon Moore May 05 '15 at 20:24
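To narrow down which criterion from the error message a certificate fails, the following added example (not part of the original thread) reports each one for every certificate in the Local Computer Personal store. The function name `Test-WinRMCertCandidate` is hypothetical, and the script only evaluates the criteria the error text names plus private-key presence; it does not claim to reproduce the selection logic of winrm qc.

```powershell
# Added diagnostic example; not code from the question or the answer.
# Test-WinRMCertCandidate is a hypothetical name chosen for this illustration.
function Test-WinRMCertCandidate {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $ipProps = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $short = $ipProps.HostName
    $fqdn  = if ($ipProps.DomainName) { "$short.$($ipProps.DomainName)" } else { $short }
    $now   = Get-Date

    Get-ChildItem $StorePath | ForEach-Object {
        $cert = $_
        # CN as shown in the "Issued To" column of the certificates snap-in
        $cn = $cert.GetNameInfo('SimpleName', $false)

        # Collect EKU OIDs; a certificate without an EKU extension yields an empty list
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Build the chain with online revocation checking to surface trust or CRL problems
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chainOk = $chain.Build($cert)
        $chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

        New-Object PSObject -Property @{
            Thumbprint      = $cert.Thumbprint
            CN              = $cn
            CNMatchesShort  = ($cn -eq $short)
            CNMatchesFqdn   = ($cn -eq $fqdn)
            ServerAuthEku   = ($ekuOids -contains $serverAuthOid)
            WithinValidity  = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
            SelfSigned      = ($cert.Subject -eq $cert.Issuer)
            HasPrivateKey   = $cert.HasPrivateKey   # needed by any HTTPS listener
            ChainBuilds     = $chainOk
            ChainStatus     = $chainStatus          # empty when no chain errors were reported
        }
    }
}

Test-WinRMCertCandidate | Format-List
```

Run it from an elevated PowerShell prompt on the server. `CNMatchesShort` and `CNMatchesFqdn` are reported separately so a CN that matches only one form of the hostname is visible.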