To set up PowerShell remoting to use HTTPS protocol, deploy an SSL certificate to the remote server.

To acquire an SSL certificate, first generate a self-signed certificate. There are two purposes for using SSL certificates with PowerShell remoting:

  • Encrypting traffic between client and server

  • Verifying server identity (CN check)

The following are the methods to generate a self-signed SSL certificate:

Create Self-Signed SSL Certificate Using the IIS Manager

Create Self-Signed SSL Certificate Using Makecert.exe

Create Self-Signed SSL Certificate Using OpenSSL

In all these methods, replace HOSTNAME with either the remote server host name or the IP address to be used to connect to that server. For example, srv1.mycompany.com or 32.53.2.87.

Ensure that your setup meets the following requirements when generating SSL certificate to use with PowerShell remoting:

  • Set the Certificate Enhanced Key Usage (EKU) "Server Authentication" (OID=1.3.6.1.5.5.7.3.1).

  • Set the Certificate Subject to "CN=HOSTNAME".

In all these methods, an SSL certificate in PKCS12 format (PFX file) without a password is generated.