WinRM over HTTPS Configuration Guide

SecHard

This guide provides instructions for configuring WinRM over HTTPS in your environment.

  1. Certificate Requirements
    Before enabling HTTPS, ensure the following for the certificate:
    • The certificate must be CA-issued and installed in the Trusted Root Certification
    Authorities store on all relevant devices.
    • The Common Name (CN) of the certificate must match the hostname of the target
    machine.
    • The certificate must be valid for Server Authentication.

 

  2. Enable WinRM over HTTPS
    Once the certificate requirements are met, enable HTTPS with the following command:

    winrm quickconfig -transport:https


    This command will:


    • Start the WinRM service if it’s not already running
    • Configure the HTTPS listener
    • Adjust firewall rules as needed

 

  3. Verify HTTPS Listener
    After enabling HTTPS, verify that WinRM is listening on HTTPS:

    winrm enumerate winrm/config/listener


    You should see an entry with:


    • Transport = HTTPS
    • Port = 5986
    • Hostname matching the certificate CN
    • CertificateThumbprint of the installed certificate
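
The checks from the certificate requirements and the listener verification as one script, added here as an example and not part of the original SecHard guide: it reads each HTTPS listener and tests the certificate it references against the requirements above. It assumes the listener certificate is in the LocalMachine\My store and that the WinRM service is already running; the function name Test-WinRMListenerCertificate is made up for this example.

```powershell
# Added example (not SecHard's code): audit the HTTPS listener against this guide's checklist.
# Assumption: the listener certificate is in Cert:\LocalMachine\My.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication EKU
# Names the CN may match: short name and FQDN of this machine.
$hostNames = @($env:COMPUTERNAME, [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName)

function Test-WinRMListenerCertificate {
    param(
        [Parameter(Mandatory)] $Listener,
        [Parameter(Mandatory)] [string[]] $Names
    )
    # The thumbprint may be stored with spaces; normalise before the store lookup.
    $thumb = ($Listener.CertificateThumbprint -replace '\s', '').ToUpper()
    $cert  = Get-Item "Cert:\LocalMachine\My\$thumb" -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "Listener certificate $thumb not found in LocalMachine\My"
        return
    }
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn  = $cert.GetNameInfo($nameType, $false)
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    # Build the chain without revocation lookups so the check also runs offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $now = Get-Date
    [pscustomobject]@{
        Port              = $Listener.Port
        ListenerHostname  = $Listener.Hostname
        CertCN            = $cn
        Thumbprint        = $thumb
        CnMatchesHost     = $Names -contains $cn
        CnMatchesListener = $cn -eq $Listener.Hostname
        ServerAuthEku     = $ekuOids -contains $serverAuthOid
        HasPrivateKey     = $cert.HasPrivateKey
        WithinValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
        ChainsToTrustedCA = $chain.Build($cert)
        SelfSigned        = $cert.Subject -eq $cert.Issuer
    }
}

# PowerShell equivalent of: winrm enumerate winrm/config/listener
$https = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
    Where-Object { $_.Transport -eq 'HTTPS' })
if ($https.Count -eq 0) { Write-Warning 'No HTTPS listener is configured.' }
$https | ForEach-Object { Test-WinRMListenerCertificate -Listener $_ -Names $hostNames }
```

Run it in an elevated PowerShell session on the target machine; any False among the check columns, or True for SelfSigned, points at the requirement the certificate fails.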

 

  4. Authentication Note
    • This configuration assumes username and password–based authentication over
    HTTPS.
    • If you want to connect over HTTPS without using a username and password, you
    must configure client-side certificate authentication.
    • Client-side certificate authentication is a separate setup and is outside the scope of
    this guide.
