To set up PowerShell remoting to use the HTTPS protocol, deploy an SSL certificate to the remote server.

To acquire an SSL certificate, first generate a self-signed certificate. There are two purposes for using SSL certificates with PowerShell remoting:

  • Encrypting traffic between client and server

  • Verifying server identity (CN check)

The following are the methods to generate a self-signed SSL certificate:

Create a Self-Signed SSL Certificate Using the IIS Manager

Create a Self-Signed SSL Certificate Using Makecert.exe

Create a Self-Signed SSL Certificate Using OpenSSL

In all these methods, replace HOSTNAME with either the remote server host name or the IP address to be used to connect to that server; for example, srv1.mycompany.com or 32.53.2.87.

Ensure that your setup meets the following requirements when generating an SSL certificate to use with PowerShell remoting:

  • Set the Certificate Enhanced Key Usage (EKU) "Server Authentication" (OID=1.3.6.1.5.5.7.3.1).

  • Set the Certificate Subject to "CN=HOSTNAME".

In all these methods, an SSL certificate in PKCS12 format (PFX file) without a password is generated.