WinRM is implemented as an HTTPS service, and if you want to be able to
verify the certificates of that connection, you have to set them up first.

As can be seen from the docs at
http://docs.ansible.com/ansible/intro_windows.html:

ansible_winrm_server_cert_validation: Specify the server certificate
validation mode (ignore or validate). Ansible defaults to validate on
Python 2.7.9 and higher, which will result in certificate validation
errors against the Windows self-signed certificates. Unless verifiable
certificates have been configured on the WinRM listeners, this should
be set to ignore.

Note that this doesn't have anything to do with Ansible, but is a
generic systems administration issue.
For completeness: by default a self-signed cert is set up, but that
will give you said warning.
If you control both ends (i.e. the boxes you want to manage, as well
as the management station), you can deploy your own CA and sign
client certs using that.
Another option is to get (commercial) certificates from a CA that is
also available on your management station.
Which option you choose depends on your situation and requirements.

BTW I assume that TCP port 5896 is a typ0?
Because according to
https://msdn.microsoft.com/en-us/library/aa384372(v=vs.85).aspx the
well known port is 5986...



Dick




On 12 March 2017 at 05:32, Paresh Pendharkar
<[email protected]> wrote:
> Hi All,
>
> I would like to have an SSL connection with my Windows machine using SSL cert
> validation.
>
> Currently I am able to connect to the Windows machine using the
> winrm_server_cert_validation variable set to ignore.
>
> Below is the configuration -
>
> Ansible node on Ubuntu 64 bit , version: 2.1.1.0
> Python version - 2.7.12+
> Windows - Windows 10 OS
>
> Please let me know how we can make an SSL connection with cert validation, as I
> don't want to ignore it, i.e. winrm_server_cert_validation = validate
>
> Please also note my HTTPS port is 5896 and it currently has the self-signed
> cert thumbprint as well.
>
> Do I need to set any other variables in the inventory? Or do I need to install
> any certs on the Ansible node? Do we need trusted certs?
>
> Please help me.



-- 
Dick Visser
Sr. System & Network Engineer
GÉANT

Want to join us? We're hiring: https://www.geant.org/jobs
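
The own-CA option from the reply above, sketched with the openssl CLI on the management station. This is an added example, not part of the original messages; the host name win10.example.test, the file names and the function names are constructed placeholders, and installing server.pem with its key on the WinRM HTTPS listener is not shown.

```shell
# Added example. Host name, subjects and file names are constructed placeholders.

# make_winrm_pki DIR HOST: create a private CA, a CA-signed certificate for
# HOST, and a self-signed certificate for HOST to compare against.
make_winrm_pki() {
  pki_dir="$1"; pki_host="$2"
  # 1. Private CA. ca.key stays on the signing machine (left unencrypted here
  #    only to keep the example short); ca.pem is what the client must trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
    -subj "/CN=Example WinRM CA" \
    -keyout "$pki_dir/ca.key" -out "$pki_dir/ca.pem" 2>/dev/null || return 1
  # 2. Key and signing request for the Windows host.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$pki_host" \
    -keyout "$pki_dir/server.key" -out "$pki_dir/server.csr" 2>/dev/null || return 1
  # 3. Sign it. subjectAltName must carry the name the management station
  #    connects to, otherwise validation fails on the host name check.
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$pki_host" \
    > "$pki_dir/server.ext"
  openssl x509 -req -in "$pki_dir/server.csr" \
    -CA "$pki_dir/ca.pem" -CAkey "$pki_dir/ca.key" -CAcreateserial \
    -days 365 -sha256 -extfile "$pki_dir/server.ext" \
    -out "$pki_dir/server.pem" 2>/dev/null || return 1
  # 4. Self-signed certificate for the same name (no CA involved).
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
    -subj "/CN=$pki_host" \
    -keyout "$pki_dir/selfsigned.key" -out "$pki_dir/selfsigned.pem" 2>/dev/null
}

# cert_validates CA_FILE CERT HOST: succeed only if CERT chains to CA_FILE and
# is valid for HOST, the two checks a validating client performs.
cert_validates() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Usage:
#   d=$(mktemp -d) && make_winrm_pki "$d" win10.example.test
#   cert_validates "$d/ca.pem" "$d/server.pem" win10.example.test && echo trusted
```

Only the CA-signed certificate passes, and only for the name in its subjectAltName; the self-signed one is rejected because nothing in ca.pem vouches for it.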