4.3 KiB
4.3 KiB
WinRM HTTPS Configuration
This folder contains scripts and documentation for setting up secure WinRM over HTTPS using a wildcard certificate for the *.logon.ds.ge.com domain.
📁 Files
Setup Scripts
| File | Description |
|---|---|
| Generate-WildcardCert.ps1 | Generates a self-signed wildcard certificate for *.logon.ds.ge.com |
| Setup-WinRM-HTTPS.ps1 | Configures WinRM HTTPS on a target computer |
| Test-WinRM-HTTPS-Setup.ps1 | Automated test workflow for single-device setup |
Collection Scripts
| File | Description |
|---|---|
| Invoke-RemoteAssetCollection-HTTPS.ps1 | Executes remote asset collection via WinRM HTTPS |
Data Files
| File | Description |
|---|---|
| shopfloor-hostnames.txt | Live list of 175 shopfloor PC hostnames from database |
| shopfloor-hostnames-example.txt | Example hostname list format |
Documentation
| File | Description |
|---|---|
| WINRM_HTTPS_DEPLOYMENT_GUIDE.md | Complete deployment guide with troubleshooting |
Quick Start
1. Generate Certificate (Testing)
# Run as Administrator
cd C:\path\to\winrm-https
# Generate self-signed wildcard certificate
.\Generate-WildcardCert.ps1
2. Test on Single Device
# Automated test (recommended)
.\Test-WinRM-HTTPS-Setup.ps1
# Or manual setup
$certPass = ConvertTo-SecureString "YourPassword" -AsPlainText -Force
.\Setup-WinRM-HTTPS.ps1 -CertificatePath ".\wildcard-*.pfx" `
-CertificatePassword $certPass -Domain "logon.ds.ge.com"
3. Deploy to Shopfloor PCs
# Test connections first
.\Invoke-RemoteAssetCollection-HTTPS.ps1 `
-HostnameListFile ".\shopfloor-hostnames.txt" `
-Domain "logon.ds.ge.com" `
-TestConnections
# Run collection
.\Invoke-RemoteAssetCollection-HTTPS.ps1 `
-HostnameListFile ".\shopfloor-hostnames.txt" `
-Domain "logon.ds.ge.com"
📋 Prerequisites
- Windows PowerShell 5.1 or later
- Administrator privileges
- Network connectivity
- Wildcard certificate for
*.logon.ds.ge.com(PFX format with private key)
🔐 Security Notes
- Self-signed certificates are for TESTING only
- For production, obtain a certificate from a trusted Certificate Authority
- Protect the PFX file password
- Use
-SkipCertificateCheckonly for testing
Shopfloor PCs
- Total PCs: 175
- Source: Database query filtered by
pctypeid = 3(Shopfloor type) - FQDN Format:
{hostname}.logon.ds.ge.com - Example:
G1JJVH63ESF.logon.ds.ge.com
Workflow
-
Generate/Obtain Certificate
- Use
Generate-WildcardCert.ps1for testing - Or obtain from CA for production
- Use
-
Setup Target PCs
- Copy certificate PFX to each PC
- Run
Setup-WinRM-HTTPS.ps1 - Verify with
Test-WSMan
-
Configure Management Server
- Install root CA certificate (if self-signed)
- Prepare hostname list
- Test connections
-
Run Collection
- Use
Invoke-RemoteAssetCollection-HTTPS.ps1 - Monitor logs
- Review results
- Use
📖 Documentation
See WINRM_HTTPS_DEPLOYMENT_GUIDE.md for:
- Detailed deployment procedures
- Troubleshooting guide
- Security best practices
- Certificate management
- Production deployment steps
🐛 Troubleshooting
Common Issues
Certificate not found
# Verify certificate is installed
Get-ChildItem Cert:\LocalMachine\My | Where-Object {$_.Subject -like "*logon.ds.ge.com*"}
Connection fails
# Test DNS resolution
Resolve-DnsName "hostname.logon.ds.ge.com"
# Test port connectivity
Test-NetConnection -ComputerName "hostname.logon.ds.ge.com" -Port 5986
# Test WinRM
Test-WSMan -ComputerName "hostname.logon.ds.ge.com" -UseSSL -Port 5986
Firewall blocking
# Check firewall rule
Get-NetFirewallRule -DisplayName "WinRM HTTPS-In"
# Create if missing
New-NetFirewallRule -DisplayName "WinRM HTTPS-In" `
-Name "WinRM HTTPS-In" -Profile Any -LocalPort 5986 `
-Protocol TCP -Direction Inbound -Action Allow
📞 Support
For detailed help:
- Check WINRM_HTTPS_DEPLOYMENT_GUIDE.md
- Review PowerShell script help:
Get-Help .\Setup-WinRM-HTTPS.ps1 -Full - Check logs in
.\logs\directory