192.168.1.207 | UNREACHABLE! => {
“changed”: false,
“msg”: “certificate: HTTPSConnectionPool(host=‘192.168.1.207’, port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u’[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)'),))”,
“unreachable”: true
}
`
Here is my config of the listener:
`
PS C:\Temp> winrm enumerate winrm/config/Listener
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = desktop-9qa0b18
Enabled = true
URLPrefix = wsman
CertificateThumbprint = 4b 80 86 d5 fd 8f 90 20 36 fe a5 cf b1 9f cc 3f 98 ee 05 78
ListeningOn =
`
I am not sure whether I generate the key in right way or not. In fact, I am not familiar to those things like SSL, HTTPS.
Here I write down the things I did to use HTTPS in WinRM:
Use the IIS tool to create a Self-Signed Certificate for my PC: desktop-9qa0b18
Run command:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Port="5986" ;Hostname="desktop-9qa0b18" ;CertificateThumbprint="4b 80 86 d5 fd 8f 90 20 36 fe a5 cf b1 9f cc 3f 98 ee 05 78"}
to create listener
If you are using a self signed certificate for the https listener (different from the user mapped certificate) then you need to tell Ansible to not verify the server’s certificate with ‘ansible_winrm_server_cert_validation=ignore’. You can get Ansible to use a custom cert chain for verification once you get this working and you don’t want to use self signed certificate.