================================================================================
SIMPLIFIED INSTRUCTIONS - WinRM HTTPS with Certificate Authority
================================================================================

Location: /home/camp/winrm-ca-scripts/

All scripts now auto-detect files automatically!

================================================================================
STEP 1: Create Certificate Authority
================================================================================

On Windows, in PowerShell as Administrator:

  cd C:\path\to\winrm-ca-scripts
  .\Create-CA-Simple.ps1

Enter password: ShopfloorCA2025!

Creates:
  - Shopfloor-WinRM-CA-20251017.pfx  (CA private key)
  - Shopfloor-WinRM-CA-20251017.cer  (CA public cert)

================================================================================
STEP 2: Install CA on Your Computer
================================================================================

  Import-Certificate -FilePath "Shopfloor-WinRM-CA-20251017.cer" `
      -CertStoreLocation Cert:\LocalMachine\Root

(Replace date with actual file)

================================================================================
STEP 3: Sign All 175 PC Certificates
================================================================================

SIMPLE VERSION (Auto-detects everything):

  .\Sign-BulkCertificates.ps1

The script will:
  ✓ Automatically find shopfloor-hostnames.txt in current directory
  ✓ Automatically find the CA .pfx file
  ✓ Prompt for CA password
  ✓ Prompt for PC certificate password
  ✓ Sign all 175 certificates

Creates:
  - pc-certificates/batch-TIMESTAMP/
    - 175 PFX files (one per PC)
    - certificate-list.csv
    - SUMMARY.txt

================================================================================
WHAT CHANGED
================================================================================

BEFORE (Manual):
  .\Sign-BulkCertificates.ps1 `
      -HostnameFile "shopfloor-hostnames.txt" `
      -CAPfxPath "Shopfloor-WinRM-CA-20251017.pfx" `
      -CAPassword $caPass `
      -CertificatePassword $certPass

AFTER (Automatic):
  .\Sign-BulkCertificates.ps1

Much simpler! Just run it and answer the prompts.

================================================================================
DEPLOYING TO PCS
================================================================================

For each PC (example: G9KN7PZ3ESF):

1. Copy certificate to PC:
   Copy-Item "pc-certificates\batch-*\G9KN7PZ3ESF-*.pfx" `
       -Destination "\\G9KN7PZ3ESF\C$\Temp\"

2. On the PC, import:
   $pass = Read-Host "Certificate Password" -AsSecureString
   $cert = Import-PfxCertificate `
       -FilePath "C:\Temp\G9KN7PZ3ESF-*.pfx" `
       -CertStoreLocation Cert:\LocalMachine\My `
       -Password $pass

3. Configure WinRM:
   .\Setup-WinRM-HTTPS.ps1 -CertificateThumbprint $cert.Thumbprint -Domain "logon.ds.ge.com"

================================================================================
TESTING CONNECTION
================================================================================

From YOUR computer:

  Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986

  $cred = Get-Credential
  Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
      -Credential $cred -UseSSL -Port 5986

No -SessionOption needed! Clean and secure!

================================================================================
TROUBLESHOOTING A REMOTE PC
================================================================================

Copy Test-RemotePC-Debug.bat and Test-RemotePC-Debug.ps1 to the PC.

Right-click Test-RemotePC-Debug.bat and "Run as Administrator"

Shows:
  - WinRM service status
  - Listeners
  - Ports
  - Firewall rules
  - Certificates
  - Network info

================================================================================
PASSWORDS
================================================================================

CA Password: ShopfloorCA2025!
PC Certificate Password: PCCert2025!

(Or use your own passwords)

================================================================================
FILES IN THIS DIRECTORY
================================================================================

1. Create-CA-Simple.ps1          - Creates CA
2. Sign-BulkCertificates.ps1     - Signs all 175 certs (AUTO-DETECTS FILES!)
3. Test-RemotePC-Debug.ps1       - Debug script for remote PCs
4. Test-RemotePC-Debug.bat       - Batch wrapper with bypass
5. shopfloor-hostnames.txt       - 175 PC hostnames
6. README.txt                    - Full detailed instructions
7. START-HERE.txt                - Quick start
8. SIMPLE-INSTRUCTIONS.txt       - This file (simplified!)

================================================================================
THAT'S IT!
================================================================================

Just run:
  1. .\Create-CA-Simple.ps1
  2. Import-Certificate (CA cert to Trusted Root)
  3. .\Sign-BulkCertificates.ps1

Then deploy to PCs!

================================================================================
