[ansible-project] winrm certificate authentication

Tue, 04 Apr 2017 09:03:30 -0700 

Hi,

I have two VMs the first one is centos 7 VM with ansible 2.2.1 installed 
 (ip: 192.168.26.2)
the second one is a windows 10 VM    (ip: 192.168.26.3)

I have managed to connect to windows VM from centos VM using basic 
authentication (username +  password)

I need to use certificate authentication between centos and windows and I 
did the following with no success:

     1) I have generated a self-signed certificate in the windows VM then I 
have installed it  with the following command 
         $ip="192.168.26.3"
         $c = New-SelfSignedCertificate -DnsName $ip -CertStoreLocation 
cert:\LocalMachine\My

     2) I have created the following winrm listener on the windows VM:
         winrm create winrm/config/Listener?Address=*+Transport=HTTPS 
"@{Hostname=`"$ip`";CertificateThumbprint=`"$($c.ThumbPrint)`"}"

     3) I have generated a private key on centos VM:
         openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt 
rsa_keygen_bits:2048

     4) I have generated a csr on centos VM:
        openssl req -key private_key.pem -new -out ansible.csr

     5) I have signed the csr (ansible.csr) using the self-generated 
certificate in windows VM
      openssl ca -out ansible.crt -infiles ansible.csr

     6) I have edited the inventory file:
        [test]
        192.168.26.2
        [test:vars]
        ansible_user=administrator 
        ansible_winrm_port=5986
        ansible_connection=winrm
        ansible_winrm_scheme=https
        ansible_winrm_transport=certificate
        ansible_winrm_server_cert_validation=ignore
        ansible_winrm_cert_key_pem=path/to/private/key/ private_key.pem
        ansible_winrm_cert_pem=path/to/certificate/ansible.crt

     7) I have executed the following command  but it failed
         ansible -i pilote.ini test win_ping

       I had the following error:
        msg:"certificate: the specified credentials were rejected by the 
server


  
can you point me what  am I doing wrong??
Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/e590ee23-bb28-4c9e-8f00-5ba8787c21d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to