3

I am trying to create a PowerShell script that pulls out the thumbprint of a certificate on a Windows server so that I can store it in a variable and use it in another command that creates an HTTPS listener.

I have managed to create the first step that works with the following command:

$thumbprint = (get-childitem -path cert:\localmachine\my | where-object {$_.subject -match $hostname+".xxx.com"}).thumbprint

So now I have the thumbprint saved in a variable.

Then I am trying to use the following command, which works if I type in the contents of the $thumbprint value manually:

winrm create winrm/config/listener?Address=*+Transport=HTTPS '@{Hostname="$hostname";CertificateThumbprint="$thumbprint"}'

When running this command I get the following error:

Message = The WS-Management service cannot process the configuration request because the certificate thumbprint in the request is not a valid hex string: $thumbprint.

Does anyone know how I could solve this?

This works (manually typing the same value):

winrm create winrm/config/Listener?Address=*+Transport=HTTPS '@{Hostname="xxx.xxx.xxx";CertificateThumbprint="AF1D0F82070C4E3692BBF43747BAE74DED74A40A"}'

The content of the $thumbprint variable is AF1D0F82070C4E3692BBF43747BAE74DED74A40A

2 Answers

4

Since you are using PowerShell, you can use WSMan PowerShell provider to configure WS-Management service:

New-Item WSMan:\localhost\Listener -Address * -Transport HTTPS -HostName $hostname -CertificateThumbPrint $thumbprint

2 Comments

Perfect @PetSerAl - always a good idea to solve a problem with a different approach. Works like a charm. In total I ended up using:

winrm delete winrm/config/listener?Address=*+Transport=HTTPS
$hostname = (gc env:computername)+".domain.net"
$thumbprint = (get-childitem -path cert:\localmachine\my | where-object {$_.subject -match $hostname}).thumbprint
New-Item WSMan:\localhost\Listener -Address * -Transport HTTPS -HostName $Hostname -CertificateThumbprint $thumbprint

@lazerpld this worked for me. I added the -Force:$true argument to the New-Item command
1

Since the @{} part is enclosed by single-quotes, PowerShell won't expand variables like $thumbprint, so instead of passing the thumbprint to winrm, you're passing the literal value $thumbprint.

You can use the -f operator to replace a placeholder inside a single-quoted string. Placeholders are numbered and enclosed by curly brackets, so you need to escape the @{} brackets as well:

# Single quotes stop $hostname from expanding as well, so pass both values through -f
$WinRMConfig = '@{{Hostname="{0}";CertificateThumbprint="{1}"}}' -f $hostname, $thumbprint
winrm create winrm/config/listener?Address=*+Transport=HTTPS $WinRMConfig

2 Comments

Hi Mathias, thanks for a very fast reply. I have tried:

$WinRMConfig = '@{Hostname="xxx.xxx.xxx";CertificateThumbPrint="{0}"}' -f $thumbprint

But I get the following error:

Error formatting a string: Input string was not in a correct format..
At line:1 char:74
+ $WinRMConfig = '@{Hostname="xxx.xxx.xxx";CertificateThumbPrint="{0}"}' -f <<<< $thumbprint
+ CategoryInfo : InvalidOperation: (AF1D0F82070C4E3692BBF43747BAE74DED74A40A:String) [], RuntimeException
+ FullyQualifiedErrorId : FormatError

@lazerpld sorry, forgot to escape the enclosing curly brackets, updated answer
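
An added example, not part of either answer or the comments above: the `-match` lookup from the question can return zero or several certificates, in which case `$thumbprint` is empty or an array and the listener command fails or binds an unintended certificate. This sketch selects exactly one usable certificate before creating the listener. It assumes Windows PowerShell 3.0 or later (for the `EnhancedKeyUsageList` property) and reuses the `.domain.net` suffix from the comment as a placeholder.

```powershell
# Added example (not the posters' code). ".domain.net" is a placeholder suffix.
$hostname      = "$env:COMPUTERNAME.domain.net"
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now           = Get-Date

# @(...) forces an array so .Count is reliable for 0, 1 or many results.
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    # Exact CN comparison: -match is a regex, so "." matches any character
    # and "host.domain.net" would also match "myhost.domain.net.example".
    $_.GetNameInfo('SimpleName', $false) -eq $hostname -and
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
})

if ($candidates.Count -ne 1) {
    # Refuse to guess: an ambiguous match could bind an old or unintended cert.
    throw "Expected exactly one certificate for $hostname, found $($candidates.Count)."
}

$thumbprint = $candidates[0].Thumbprint

# The listener expects a plain hex string; catch empty or malformed values
# here instead of in the WS-Management error message.
if ($thumbprint -notmatch '^[0-9A-Fa-f]{40}$') {
    throw "Unexpected thumbprint format: '$thumbprint'"
}

# Typed parameters avoid the quoting problem of the winrm.exe '@{...}' string.
New-Item -Path WSMan:\localhost\Listener -Address * -Transport HTTPS `
    -HostName $hostname -CertificateThumbPrint $thumbprint
```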
