1. 打开IIS管理器,选中IIS服务根节点,然后在主内容页选中IIS条目下的服务器证书双击;
2. 在新出现的服务器证书面板下点右边一列的创建自签名证书
3. 证书名称是:名称(这里强调一下,证书的名称Subject必须为hostName。具体到域环境中,比如机器test加入了域cszi.com,那这个HostName应当为test.cszi.com。具体到Azure环境中,应当就是host service name 域名,比如cszitest.cloudapp.net。),类型为个人。
4. 列出所有证书
PS C:UsersTest> ls Cert:LocalMachineMy
目录: Microsoft.PowerShell.SecurityCertificate::LocalMach
Thumbprint Subject
---------- -------
91E236AF70EE5649C90B63560FD9638947A84E7E CN=Server-001
5. 配置winrm使用HTTPS
(注意:在PS中执行可能会出错,可以在CMD.exe中执行)
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Port="5986" ;Hostname="Server-001" ;CertificateThumbprint="91 E2 36 AF 70 EE 56 49 C9 0B 63 56 0F D9 63 89 47 A8 4E 7E"}运行结果:
ResourceCreated
Address = http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
ReferenceParameters
ResourceURI = http://schemas.microsoft.com/wbem/wsman/1/config/listener
SelectorSet
Selector: Address = *, Transport = HTTPS
6. 检测一下安装的结果:
C:UsersTest>winrm e winrm/config/listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, 192.168.1.11, ::1, 2001:0:5ef5:79fd:28e6:3665:3f57:fef4, fe80::5efe:192.168.1.11%13, fe80::
28e6:3665:3f57:fef4%14, fe80::9dc7:100:ede1:b458%12Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = Server-001
Enabled = true
URLPrefix = wsman
CertificateThumbprint = 91 E2 36 AF 70 EE 56 49 C9 0B 63 56 0F D9 63 89 47 A8 4E 7E
ListeningOn = 127.0.0.1, 192.168.1.11, ::1, 2001:0:5ef5:79fd:28e6:3665:3f57:fef4, fe80::5efe:192.168.1.11%13, fe80::
28e6:3665:3f57:fef4%14, fe80::9dc7:100:ede1:b458%12
7. 连入时会如下:enter-pssession –computername Server-001 –Credentrial Server-001TFSServer
但是会提示如下异常:
改正如下:
先设定信息列表
Set-Item wsman:localhostClientTrustedHosts -value 192.168.1.*
注意上面的大小写,千万注意。
注意:下面的错误提示,就是你的密码不对。