I have an interesting problem enabling WinRM over HTTPS on Hyper-V Server 2019. I have a valid, Server Auth-enabled certificate imported into the Root store, however
winrm quickconfig -transport:https
Still results in the following:
WinRM service is already running on this machine.
WSManFault
Message
ProviderFault
WSManFault
Message = Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.
Error number: -2144108267 0x80338115
Cannot create a WinRM listener on HTTPS because this machine does not have an appropriate certificate. To be used for SSL, a certificate must have a CN matching the hostname, be appropriate for Server Authentication, and not be expired, revoked, or self-signed.
Hostname is: CIC-OverActive
Domain is: unifiedlab.lan
The certificate's properties in the Root store look good, the "Issued To" field matches the Host Name exactly (without domain), it has the Private Key (not exportable), and the root CA's certificate is in place as well and healthy, etc. etc.
I have even tried removing the default/system generated cert for the machine (after exporting it as a backup, of course).
Properties in the Root cert store (from Hyper-V's Windows Admin Center // Server Manager // Certificates):
Archived
NotArchived
Certificate Name
CIC-OverActive
Enhanced Key Usage
Server Authentication 1.3.6.1.5.5.7.3.1 Client Authentication 1.3.6.1.5.5.7.3.2
Friendly Name
CIC-OverActive
Issuer Name
<*****>
Issued To
CIC-OverActive
Path
LocalMachine\Root\89926350EBC3EC4C4C7C3773B9263157011787B2
Valid From
3/26/2023
Valid To
3/25/2025
Private Key
Not Exportable
Public Key
RSA
Public Key Parameters
05 00
Scope
LocalMachine
Store
Root
Status
Healthy
Serial Number
06
Subject
CN=CIC-OverActive, OU=Information Security Lab, O=<*******>, S=<*******>, C=<*******>
Signature Algorithm
sha256RSA
Thumbprint
89926350EBC3EC4C4C7C3773B9263157011787B2
Version
3
Certificate Template
-
I am following this guide as a reference, and all the conditions for the cert that are listed there seem to be met: https://learn.microsoft.com/en-us/troubleshoot/windows-client/system-management-components/configure-winrm-for-https
I am unsure as to how to proceed in troubleshooting this one, any suggestions are welcome!