Doesn't look like you actually set up the cert->user mapping. Take a look at
http://www.hurryupandwait.io/blog/certificate-password-less-based-authentication-in-winrm
- it's a decent end-to-end tutorial on how to set it up. That said, I'd 
strongly recommend you don't use it - the mapping is brittle, it doesn't 
work for domain users, and underlying urllib3 requirements mean that the 
cert has to be sitting on disk unencrypted. Most folks are better off just 
using vaulted passwords.

-Matt

On Tuesday, April 4, 2017 at 9:03:10 AM UTC-7, Hmdi Bz wrote:
>
> Hi,
>
> I have two VMs the first one is centos 7 VM with ansible 2.2.1 installed 
>  (ip: 192.168.26.2)
> the second one is a windows 10 VM    (ip: 192.168.26.3)
>
> I have managed to connect to windows VM from centos VM using basic 
> authentication (username +  password)
>
> I need to use certificate authentication between centos and windows and I 
> did the following with no success:
>
>      1) I have generated a self-signed certificate in the windows VM then 
> I have installed it  with the following command 
>          $ip="192.168.26.3"
>          $c = New-SelfSignedCertificate -DnsName $ip -CertStoreLocation cert:\LocalMachine\My
>
>      2) I have created the following winrm listener on the windows VM:
>          winrm create winrm/config/Listener?Address=*+Transport=HTTPS "@{Hostname=`"$ip`";CertificateThumbprint=`"$($c.ThumbPrint)`"}"
>
>      3) I have generated a private key on centos VM:
>          openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
>
>      4) I have generated a csr on centos VM:
>         openssl req -key private_key.pem -new -out ansible.csr
>
>      5) I have signed the csr (ansible.csr) using the self-generated 
> certificate in windows VM
>       openssl ca -out ansible.crt -infiles ansible.csr
>
>      6) I have edited the inventory file:
>         [test]
>         192.168.26.2
>         [test:vars]
>         ansible_user=administrator 
>         ansible_winrm_port=5986
>         ansible_connection=winrm
>         ansible_winrm_scheme=https
>         ansible_winrm_transport=certificate
>         ansible_winrm_server_cert_validation=ignore
>         ansible_winrm_cert_key_pem=path/to/private/key/ private_key.pem
>         ansible_winrm_cert_pem=path/to/certificate/ansible.crt
>
>      7) I have executed the following command  but it failed
>          ansible -i pilote.ini test win_ping
>
>        I had the following error:
>         msg:"certificate: the specified credentials were rejected by the server
>
>
>   
> Can you point out what I am doing wrong?
> Thank you
>
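
The cert->user mapping that the reply says is missing, sketched here as an added example (it is not part of either message or of the linked tutorial). It assumes a self-signed client certificate copied to the hypothetical path `C:\temp\ansible.crt`, containing only the certificate, with the clientAuth EKU and a subjectAltName UPN of `administrator@localhost`; the steps quoted above do not show either extension being set.

```powershell
# Added example; run in an elevated PowerShell session on the Windows host.
# Assumed values (not from the thread): the file path and the UPN below.
$certPath = 'C:\temp\ansible.crt'       # hypothetical location of the client cert
$upn      = 'administrator@localhost'   # must equal the UPN inside the cert's SAN

# 1. Certificate authentication is off on the WinRM service by default.
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true

# 2. Trust the certificate. For a self-signed client cert the cert is its own
#    issuer, so it goes into Root and into TrustedPeople. If a CA signed it,
#    import the CA cert into Root instead and use the CA's thumbprint below.
$issuer = Import-Certificate -FilePath $certPath `
    -CertStoreLocation Cert:\LocalMachine\Root
Import-Certificate -FilePath $certPath `
    -CertStoreLocation Cert:\LocalMachine\TrustedPeople | Out-Null

# 3. Map the certificate to a LOCAL account. Get-Credential prompts for the
#    password so it never appears in the script or in shell history.
$credential = Get-Credential -UserName 'administrator' `
    -Message 'Local account the client certificate maps to'

New-Item -Path WSMan:\localhost\ClientCertificate `
    -Subject $upn `
    -URI * `
    -Issuer $issuer.Thumbprint `
    -Credential $credential `
    -Force

# 4. Confirm what is now mapped, and that certificate auth is enabled.
Get-ChildItem -Path WSMan:\localhost\ClientCertificate
Get-ChildItem -Path WSMan:\localhost\Service\Auth
```

Without an entry under `WSMan:\localhost\ClientCertificate` whose subject and issuer match the presented certificate, WinRM has no account to log the client on as and rejects the credentials.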
