[ansible-project] Re: certificate: the specified credentials were rejected by the server

Wed, 26 Sep 2018 01:22:36 -0700 

Hi, Jordan. Thanks for your help~

After changing to HTTPS, I met such error:
192.168.1.207 | UNREACHABLE! => {
    "changed": false, 
    "msg": "certificate: HTTPSConnectionPool(host='192.168.1.207', 
port=5986): Max retries exceeded with url: /wsman (Caused by 
SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify 
failed (_ssl.c:590)'),))", 
    "unreachable": true
}

Here is my config of the listener:
PS C:\Temp> winrm enumerate winrm/config/Listener
Listener
    Address = *
    Transport = HTTPS
    Port = 5986
    Hostname = desktop-9qa0b18
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint = 4b 80 86 d5 fd 8f 90 20 36 fe a5 cf b1 9f cc 3f 
98 ee 05 78
    ListeningOn = <addresses>

I am not sure whether I generate the key in right way or not. In fact, I am 
not familiar to those things like SSL, HTTPS.
Here I write down the things I did to use HTTPS in WinRM:
1. Use the IIS tool to create a Self-Signed Certificate for my PC: 
desktop-9qa0b18

2. Run command:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Port="5986" 
;Hostname="desktop-9qa0b18" ;CertificateThumbprint="4b 80 86 d5 fd 8f 90 20 
36 fe a5 cf b1 9f cc 3f 98 ee 05 78"}
to create listener

3. Generate a certificate by *openssl*: 
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#generate-a-certificate
 

4. Import a certificate: 
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#import-a-certificate-to-the-certificate-store

5. Mapping the certificate to my account(username=Test) : 
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#mapping-a-certificate-to-an-account

6. Run command ansible win_test -m win_ping in linux side.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1f237a69-1680-40bb-aeda-6318970f5e7a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to