ge-aerospace/powershell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
62c0c7bb06fa5cf497b782979b9a329ef58afcd1
powershell-scripts/winrm-https/winrm-ca-scripts/SIMPLE-INSTRUCTIONS.txt
cproudlock 62c0c7bb06 Initial commit: Organized PowerShell scripts for ShopDB asset collection 
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00

154 lines
5.0 KiB
Plaintext
Raw Blame History

================================================================================
SIMPLIFIED INSTRUCTIONS - WinRM HTTPS with Certificate Authority
================================================================================
Location: /home/camp/winrm-ca-scripts/
All scripts now auto-detect files automatically!
================================================================================
STEP 1: Create Certificate Authority
================================================================================
On Windows, in PowerShell as Administrator:
cd C:\path\to\winrm-ca-scripts
.\Create-CA-Simple.ps1
Enter password: ShopfloorCA2025!
Creates:
- Shopfloor-WinRM-CA-20251017.pfx (CA private key)
- Shopfloor-WinRM-CA-20251017.cer (CA public cert)
================================================================================
STEP 2: Install CA on Your Computer
================================================================================
Import-Certificate -FilePath "Shopfloor-WinRM-CA-20251017.cer" `
-CertStoreLocation Cert:\LocalMachine\Root
(Replace date with actual file)
================================================================================
STEP 3: Sign All 175 PC Certificates
================================================================================
SIMPLE VERSION (Auto-detects everything):
.\Sign-BulkCertificates.ps1
The script will:
✓ Automatically find shopfloor-hostnames.txt in current directory
✓ Automatically find the CA .pfx file
✓ Prompt for CA password
✓ Prompt for PC certificate password
✓ Sign all 175 certificates
Creates:
- pc-certificates/batch-TIMESTAMP/
- 175 PFX files (one per PC)
- certificate-list.csv
- SUMMARY.txt
================================================================================
WHAT CHANGED
================================================================================
BEFORE (Manual):
.\Sign-BulkCertificates.ps1 `
-HostnameFile "shopfloor-hostnames.txt" `
-CAPfxPath "Shopfloor-WinRM-CA-20251017.pfx" `
-CAPassword $caPass `
-CertificatePassword $certPass
AFTER (Automatic):
.\Sign-BulkCertificates.ps1
Much simpler! Just run it and answer the prompts.
================================================================================
DEPLOYING TO PCS
================================================================================
For each PC (example: G9KN7PZ3ESF):
1. Copy certificate to PC:
Copy-Item "pc-certificates\batch-*\G9KN7PZ3ESF-*.pfx" `
-Destination "\\G9KN7PZ3ESF\C$\Temp\"
2. On the PC, import:
$pass = Read-Host "Certificate Password" -AsSecureString
$cert = Import-PfxCertificate `
-FilePath "C:\Temp\G9KN7PZ3ESF-*.pfx" `
-CertStoreLocation Cert:\LocalMachine\My `
-Password $pass
3. Configure WinRM:
.\Setup-WinRM-HTTPS.ps1 -CertificateThumbprint $cert.Thumbprint -Domain "logon.ds.ge.com"
================================================================================
TESTING CONNECTION
================================================================================
From YOUR computer:
Test-WSMan -ComputerName g9kn7pz3esf.logon.ds.ge.com -UseSSL -Port 5986
$cred = Get-Credential
Enter-PSSession -ComputerName g9kn7pz3esf.logon.ds.ge.com `
-Credential $cred -UseSSL -Port 5986
No -SessionOption needed! Clean and secure!
================================================================================
TROUBLESHOOTING A REMOTE PC
================================================================================
Copy Test-RemotePC-Debug.bat and Test-RemotePC-Debug.ps1 to the PC.
Right-click Test-RemotePC-Debug.bat and "Run as Administrator"
Shows:
- WinRM service status
- Listeners
- Ports
- Firewall rules
- Certificates
- Network info
================================================================================
PASSWORDS
================================================================================
CA Password: ShopfloorCA2025!
PC Certificate Password: PCCert2025!
(Or use your own passwords)
================================================================================
FILES IN THIS DIRECTORY
================================================================================
1. Create-CA-Simple.ps1 - Creates CA
2. Sign-BulkCertificates.ps1 - Signs all 175 certs (AUTO-DETECTS FILES!)
3. Test-RemotePC-Debug.ps1 - Debug script for remote PCs
4. Test-RemotePC-Debug.bat - Batch wrapper with bypass
5. shopfloor-hostnames.txt - 175 PC hostnames
6. README.txt - Full detailed instructions
7. START-HERE.txt - Quick start
8. SIMPLE-INSTRUCTIONS.txt - This file (simplified!)
================================================================================
THAT'S IT!
================================================================================
Just run:
1. .\Create-CA-Simple.ps1
2. Import-Certificate (CA cert to Trusted Root)
3. .\Sign-BulkCertificates.ps1
Then deploy to PCs!
================================================================================
Reference in New Issue View Git Blame Copy Permalink