Deployment Guide
Certificate Authority Signed Self-Signed Certificate
You need a certificate signed by a CA or a self‑signed certificate (generated using the SelfSSL tool) to
install and configure the Remote Enablement feature on the system.
NOTE: It is recommended that you use a certificate signed by a CA.
Using A Certificate Signed By A CA
To use a certificate signed by a CA:
1. Request a valid CA signed certificate.
2. Create a HTTP listener with the CA signed certificate.
Requesting A Valid CA Signed Certificate
To request a valid CA signed certificate:
1. Click Start → Run.
2. Type mmc and click OK.
3. Click File → Add/Remove Snap-in.
4. Select Certificates, and then click Add.
5. In the Certificates snap-in dialog box, select Computer account, and then click Next.
6. Select Local Computer, and then click Finish.
7. Click Close, and then click OK.
8. On the Console window, expand Certificates (Local Computer) in the left navigation pane.
9. Right-click Personal, select All tasks → Request New Certificate.
10. Click Next.
11. Select the appropriate certificate type, Mostly (Computer), and then click Enroll.
12. Click Finish.
Creating The HTTPS Listener With The Valid CA Signed Certificate
Run the installer and click the link on the prerequisite checker to create the HTTPS listener.
NOTE: The HTTP listener is enabled by default and listens at port 80.
Configuring User Authorization For WinRM And WMI Servers
To provide access rights to WinRM and WMI services, explicitly add users with the appropriate access
levels.
NOTE: To configure user authorization — For WinRM and WMI Servers, you must login with
administrator privileges. - For Windows Server 2008 operating systems, you must login as a built-in
Administrator, Domain Administrator, or user who is a part of Domain Admins and Domain Users
group.
NOTE: The administrator is configured by default.
WinRM
To configure user authorization for WinRM servers:
1. Click Start → Run.
2. Type winrm configsddl and click OK.
18