You can configure the WinRM host to enable communication with the PowerShell plug-in through the HTTPS protocol.

The WinRM host requires a certificate so that it can communicate through the HTTPS protocol. You can either obtain a certificate or generate one.

Prerequisites

  • Configure WinRM to use the HTTP protocol. For more information, see Configure WinRM to Use HTTP.
  • Verify that you can access the Microsoft Management Console (mmc.exe) on the WinRM host.

Procedure

  1. Generate a self-signed certificate.
    The following command line contains example syntax for creating a certificate on the WinRM host by using the Powershell Cmdlet New-SelfSignedCertificate. 
    New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName ("machinename.subdomain.company.com", "machinename") -NotAfter (get-date).AddYears(5) -Provider "Microsoft RSA SChannel Cryptographic Provider" -KeyLength 2048

    In this example, the -NotAfter parameter specifies that the certificate will expire in 5 years. If this parameter isn't specified, the certificate expires in 1 year. Learn more about creating self-signed certificates.

  2. Add the generated certificate by using the Microsoft Management Console.
    1. Run mmc.exe.
    2. Select File > Add/Remove Snap-in.
    3. From the list of available snap-ins, select Certificates and click Add.
    4. Select Computer account and click Next.
    5. Click Finish.
    6. Verify that the certificate is installed in Console Root > Certificates (Local Computer) > Personal > Certificates and Console Root > Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
      If the certificate is not installed in the Trusted Root Certification Authorities and Personal folders, you must install it manually.
  3. Create an HTTPS listener by using the correct thumbprint and host name.
    The following command line contains example syntax for creating an HTTPS listener.

    winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="host_name";CertificateThumbprint="certificate_thumbprint"}

    Note: Omit the spaces in the certificate thumbprint.
  4. Test the connection.
    The following command line contains example syntax for testing the connection.

    winrs -r:https://host_name:port_number -u:user_name -p:password hostname