我在 winrm 上有两个 HTTPS 监听器(一个兼容性),如下:
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = <hostname here>
Enabled = true
URLPrefix = wsman
CertificateThumbprint = <thumb here>
ListeningOn = <not important>
Listener [Source="Compatibility"]
Address = *
Transport = HTTPS
Port = 443
Hostname = <hostname here>
Enabled = true
URLPrefix = wsman
CertificateThumbprint = <thumb here>
ListeningOn = <same as above not important>
我可以为 5986 侦听器更新证书,但是当我尝试更新 443 侦听器时,似乎无法指定端口。由于地址和传输相同,我不确定如何才能获得我想要的监听器。
我尝试过以下一些方法:
无效使用命令行错误:
winrm set winrm/config/Listener?Address=*+Transport=HTTPS+Port=443 @{CertificateThumbprint="<Thumbprint>"}
这些不起作用,但我在运行创建之前没有删除旧的,因为我想就地更新:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="<hostname>"; CertificateThumbprint="<Thumbprint>"; Port=443}'
winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="<hostname>"; CertificateThumbprint="<Thumbprint>"; Port="443"}'
使用侦听器名称没有错误,但在运行 Get-Item 进行确认时未更新证书
Set-Item WSMan:\localhost\Listener\Listener_874393735\CertificateThumbprint -Value <Thumbprint>
Set-Item WSMan:\localhost\Listener\Listener_874393735\CertificateThumbprint -Value "<Thumbprint>"
错误消息:此资源需要以下选择器:地址传输
Set-WSManInstance -ResourceURI winrm/config/Listener -SelectorSet @{Address="*"; Transport="HTTPS";Port="443"} -ValueSet @{CertificateThumbprint=$certThumb}
毕竟我的问题有两个。
我找到的唯一解决方案是重置配置,因为尝试删除默认侦听器将导致命令无法尝试更新或创建任何新侦听器。
以下是我采取的步骤:
winrm invoke Restore winrm/Configwinrm get winrm/config/servicewinrm set winrm/config/service '@{EnableCompatibilityHttpsListener="true"}显然不是一个理想的解决方案,因为它需要重置整个配置,而不仅仅是更新证书,但它对我有用。