Powershell Remoting

rated by 0 users
This post has 2 Replies | 2 Followers

Not Ranked
Posts 3
williamm Posted: 03-22-2012 6:48 AM

Hello,

I have succesfully setting up a WINRM listener as HTTPS transport.  But, when I want to create a new  PS Session to the machine the following error occured:The SSL certificate contains a common name (CN) that does not match the hostname.

This is the statement" $s = New-PSSession 10.12.25.1 -Port 5000 -Credential phb\adm_william -UseSSL

Host 10.12.25.1 is a firewall/router and port 5000 will be forward to 192.168.128.130:5986

The hostname of 192.168.128.130 is cb-app.phb and the cn of the certificate is cb-app.phb.

I have just imported the certificate on the client computer but I got the same error.

Do you have any idea of a sulution?


Regards,

 

William 

Top 10 Contributor
Posts 640

You'd never import the certificate onto the client.

SSL certificate configuration isn't something I have to do a lot, but what the error means is that you're accessing host 10.12.25.1 but it isn't presenting a certificate with 10.12.25.1 as the host name. When you use SSL, the name you provide to New-PSSession must match the name in the SSL certificate. That's how PowerShell ensures you're hitting the correct machine.

As-is, you're asking for 10.12.25.1, but you're getting "cb-app.phb," so PowerShell thinks you're getting the wrong machine based on the SSL cert.

Top 25 Contributor
Posts 521
Microsoft MVP
Top Contributor

Before you create a new PS session, create a PS session option object using New-PSSessionOption cmdlet and its SkipCNCheck parameter:

$so = New-PSSessionOption -SkipCNCheck

And then, add it to your New-PSSession command:

$s = New-PSSession 10.12.25.1 -Port 5000 -Credential phb\adm_william -UseSSL -SessionOption $so

 

 

 

 

Page 1 of 1 (3 items) | RSS
Copyright 2012 PowerShell.com. All rights reserved.