diff --git a/docsite/rst/intro_windows.rst b/docsite/rst/intro_windows.rst index af1e25a427..48781bdc24 100644 --- a/docsite/rst/intro_windows.rst +++ b/docsite/rst/intro_windows.rst @@ -131,13 +131,18 @@ If your Windows firewall is enabled, you must also run the following command to Best Practices By default, Powershell remoting enables an HTTP listener. The following commands enable an HTTPS listener, which secures communication between the Control Machine and windows. +An SSL certificate for server authentication is required to create the HTTPS listener. The existence of an existing certificate in the computer account can be verified by using the MMC snap-in, as documented ' + +A best practice for SSL certificates is generating them from an internal or external certificate authority. An existing certificate could be located in the computer account certificate store 'using the following article '. + +Alternatively, a self-signed SSL certificate can be generated in powershell using 'the following technet article '. At a minimum, the subject name should match the hostname, and Server Authentication is required. Once the self signed certificate is obtained, the certificate thumbprint can be identified using 'How to: Retrieve the Thumbprint of a Certificate ' + .. code-block:: bash + + $ Create the https listener + $ winrm create winrm/config/Listener?Address=*+Transport=HTTPS  @{Hostname="host_name";CertificateThumbprint="certificate_thumbprint"} $ Delete the http listener $ WinRM delete winrm/config/listener?Address=*+Transport=HTTP - $ Create the https listener - $ Insert code here - - .. _windows_and_linux_control_machine:
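Review bot: The four link references in the added paragraphs ("as documented '", "'using the following article '", "'the following technet article '", "'How to: Retrieve the Thumbprint of a Certificate '") are wrapped in single quotes and, as shown here, carry no target, so they will not render as RST hyperlinks; use the backtick form with an explicit URL for each. The first two added paragraphs both state that an existing certificate can be found in the computer account store, so they can be merged into one. In the code block, "$ Create the https listener" and "$ Delete the http listener" are comments written as prompt lines under a bash code-block; mark them as comments so they are not pasted as commands. The @{Hostname="host_name";CertificateThumbprint="certificate_thumbprint"} argument is parsed as a hashtable when typed at a PowerShell prompt, so either state that the winrm commands are meant for cmd.exe or show the argument quoted. Creating the HTTPS listener before deleting the HTTP one is the right order, but the text should say to confirm the HTTPS listener works before running the delete. Finally, the self-signed option only requires a matching subject name and Server Authentication; add a sentence on how the Control Machine is expected to trust or validate that certificate, since without validation the listener provides encryption but not server authentication.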