powershell-5.0

How to renew port 5986 (WinRM) certificate?


We received an email saying our port 5986 (WinRM?) certificates are set to expire soon and we should take action to avoid interruption.

The way I configured WinRM for TFS communication last year was like this:

  1. Download from GitHub this PowerShell script
  2. Execute the following in the PowerShell console with Administrative permissions: ConfigureWinRM.ps1 {FQDN} https

example: ConfigureWinRM.ps1 server.tst.com https

Do I just have to rerun this again to renew? Do I need to remove the old certificate thumbprint first?

Apparently, there was a bug 4 years ago where it appears that WinRM somehow does note that the certificate has been renewed, because it continues to accept WinRM connections over HTTPS with no issues, even after the certificate referenced under WSMan\Listener has expired.

I don't want conflicts to occur, so I want to renew this safely, especially when we get the same notification for production.


Note: some useful commands used in that git bug report to compare replaced cert Thumbprint:

ls cert:\localmachine\my
ls wsman:\localhost\listener\listener_1305953032
Winrm enumerate winrm/config/listener
netsh http show sslcert ipport=0.0.0.0:5986

Solution

  • I just had to rerun the same steps again (skip step 1 if the script is still there from last time)

    1. Download from GitHub this PowerShell script
    2. Execute the following in the PowerShell console with Administrative permissions:

    ConfigureWinRM.ps1 servername https

    Looks like the bug is not present on PSVersion 5.1.14393.3471

    I ran the commands above listed in the Note and the new Thumbprint was getting displayed for all 4 of them.

    A restart wasn't required.
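The four commands listed in the Note each show a thumbprint from a different place (the certificate store, the WSMan listener, the WinRM config, and the HTTP.sys binding), and after a renewal they all have to agree. The function below is an added example, not part of the question, the answer, or the ConfigureWinRM.ps1 script; it reads those same locations and reports whether the HTTPS listener, the store and the netsh binding reference one unexpired certificate. It assumes an elevated PowerShell session on the WinRM host.

```powershell
# Added example (not from the question, the answer or ConfigureWinRM.ps1):
# cross-check the thumbprint on every HTTPS WinRM listener against the
# LocalMachine\My store and the HTTP.sys SSL binding on that listener's port.
function Test-WinRmHttpsCertificate {
    [CmdletBinding()]
    param()

    $results = foreach ($listener in Get-ChildItem WSMan:\localhost\Listener) {
        $props = Get-ChildItem $listener.PSPath
        if (($props | Where-Object Name -eq 'Transport').Value -ne 'HTTPS') { continue }

        $port = ($props | Where-Object Name -eq 'Port').Value
        # Thumbprint the listener was configured with (WSMan may store it with spaces)
        $listenerThumb = (($props | Where-Object Name -eq 'CertificateThumbprint').Value -replace '\s', '').ToUpper()

        # Thumbprint HTTP.sys actually serves on that port (same netsh query as in the Note)
        $netshOut = netsh http show sslcert ipport=0.0.0.0:$port 2>&1 | Out-String
        $netshThumb = if ($netshOut -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)') { $Matches[1].ToUpper() } else { $null }

        # The certificate object itself, if it still exists in the machine store
        $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $listenerThumb

        [pscustomobject]@{
            Listener           = $listener.Name
            Port               = $port
            ListenerThumbprint = $listenerThumb
            NetshThumbprint    = $netshThumb
            FoundInStore       = [bool]$cert
            NotAfter           = if ($cert) { $cert.NotAfter } else { $null }
            DaysLeft           = if ($cert) { [int]($cert.NotAfter - (Get-Date)).TotalDays } else { $null }
            # True only when all three locations agree and the certificate has not expired
            Consistent         = ($cert -and $netshThumb -eq $listenerThumb -and $cert.NotAfter -gt (Get-Date))
        }
    }

    if (-not $results) { throw 'No HTTPS listener found under WSMan:\localhost\Listener.' }
    $results
}

# Any listener reporting Consistent = False (or a small DaysLeft) is the one to
# renew by re-running ConfigureWinRM.ps1 as described in the answer.
Test-WinRmHttpsCertificate | Format-List
```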