This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 78%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
I get the following error when trying to configure WinRM over HTTPS:
PS C:\Windows\system32> winrm quickconfig -transport:https
WinRM service is already running on this machine.
WSManFault
Message
ProviderFault
WSManFault
Message = Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate cert
ificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authenticatio
n, and not be expired, revoked, or self-signed.
Error number: -2144108267 0x80338115
Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SS
L, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, rev
oked, or self-signed.
PS C:\Windows\system32>
The certificate I am using is not expired, includes server authentication, shows as OK in Certification Path, and the hostname of the server matches the "Issued To:" on the certificate. So I don't know why I am getting this error.
Additionally, in the first command below, the thumbprint for the cert is displayed, but in the second command, no certificate thumbprint is displayed.
Any help is greatly appreciated.
*PS C:\Windows\system32> winrm e winrm/config/listener
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = XXXXXXXXXX
Enabled = true
URLPrefix = wsman
CertificateThumbprint = 1B4288BCD2387008B894F459B78DE9C6576AE039
ListeningOn = 20.20.149.39, 127.0.0.1
Listener [Source="GPO"]
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = x.x.x.x, 127.0.0.1
PS C:\Windows\system32> Winrm get http://schemas.microsoft.com/wbem/wsman/1/config
Config
MaxEnvelopeSizekb = 500
MaxTimeoutms = 60000
MaxBatchItems = 32000
MaxProviderRequests = 4294967295
Client
NetworkDelayms = 5000
URLPrefix = wsman
AllowUnencrypted = false
Auth
Basic = true
Digest = true
Kerberos = true
Negotiate = true
Certificate = true
CredSSP = false
DefaultPorts
HTTP = 5985
HTTPS = 5986
TrustedHosts
Service
RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
MaxConcurrentOperations = 4294967295
MaxConcurrentOperationsPerUser = 1500
EnumerationTimeoutms = 240000
MaxConnections = 300
MaxPacketRetrievalTimeSeconds = 120
AllowUnencrypted = false
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
DefaultPorts
HTTP = 5985
HTTPS = 5986
IPv4Filter = * [Source="GPO"]
IPv6Filter [Source="GPO"]
EnableCompatibilityHttpListener = false
EnableCompatibilityHttpsListener = false
CertificateThumbprint
AllowRemoteAccess = true [Source="GPO"]
Winrs
AllowRemoteShellAccess = true
IdleTimeout = 7200000
MaxConcurrentUsers = 2147483647
MaxShellRunTime = 2147483647
MaxProcessesPerShell = 2147483647
MaxMemoryPerShellMB = 2147483647
MaxShellsPerUser = 2147483647*
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 30%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEY%3C/text%3E%3C/svg%3E)
Hi,
Is there any update?
Please let us know if your issue has been resolved.
After trying quite a few things, it is finally working. One of the issues was that the FQDN was needed for the WinRM command.
Hi,
From the command result below, it shows the certificate authentication is false.
Please follow the guidance in below article to enable the certificate authentication and see if the issue could be resolved or not.
https://video2.skills-academy.com/en-us/windows/win32/winrm/authentication-for-remote-connections#enabling-or-disabling-authentication-options
Auth
Basic = false
Kerberos = true
Negotiate = true
Certificate = false
CredSSP = false
CbtHardeningLevel = Relaxed
Thanks,
Eleven
----------
If the Answer is helpful, please click "Accept Answer" and upvote it. Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 12%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Thank you for this solution