WinRM HTTPS Listeners
Starting with AppViewX version 2024.3.0.0, a new configuration parameter, HttpsMode, in the AppViewX.CertPlus.WindowsService.exe.config file enables support for WinRM HTTPS Listeners. To configure HttpsMode:
- Go to the AppViewX Windows Gateway Installation Path. The default path is C:\Program Files (x86)\appviewx\AppViewX.CertPlus.Installer
- Open the AppViewX.CertPlus.WindowsService.exe.config file using a text editor.
- Locate the <appSettings> section and set the following entry:
  <add key="HttpsMode" value="Network" />
Supported values for the "HttpsMode" configuration:
- Yes: Enforces the use of only HTTPS for all communication.
- No: Explicitly sets HTTP as the communication protocol.
- Both: Prioritizes HTTPS; if HTTPS is unavailable, the system will fall back to HTTP.
Note: If the HttpsMode configuration is not explicitly set, the system will default to using HTTP for communication.
Prerequisites for setting up and using HTTPS mode
- WinRM HTTPS Service Setup: The WinRM service must be configured and bound to a valid SSL certificate.
- Certificate Requirements:
  - The certificate must be issued using the Web Server template.
  - The Common Name (CN) in the certificate must match the Fully Qualified Domain Name (FQDN) of the respective machine.
  - This is a mandatory requirement by Microsoft for WSMAN over HTTPS when using PowerShell Remoting.
Procedure for Unconfigured HTTPS Listeners on Target Devices
- Set the HttpsMode flag to Both in the configuration file. (By default it will be set to "No".)
- Required target devices that are not yet configured with HTTPS Listeners will be on-boarded using HTTP.
- After that, configure the required target devices with HTTPS listeners bound to the required certificates (see the certificate requirements above).
- Once all the required certificates are bound and the HTTPS listeners are available on all the required target devices, set the HttpsMode flag to "Yes" to use only HTTPS Listeners for any further communications.
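Before switching HttpsMode from Both to "Yes", each target device can be checked against the prerequisites above. The following PowerShell function is an added example, not AppViewX code: the name Test-WinRMHttpsReadiness is hypothetical, and the Server Authentication EKU check is an assumption based on what the Web Server template normally issues.

```powershell
# Added example; run in an elevated PowerShell session on the target device.
# Reports, per HTTPS listener, whether the bound certificate meets the
# requirements listed on this page (present, in date, CN equals FQDN).
function Test-WinRMHttpsReadiness {   # hypothetical name
    [CmdletBinding()]
    param(
        # FQDN the certificate CN must match; defaults to this machine's FQDN.
        [string]$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU (assumed check)
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    $https = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
        Where-Object { $_.Transport -eq 'HTTPS' })
    if ($https.Count -eq 0) {
        return [pscustomobject]@{ Fqdn = $Fqdn; Port = $null; Ready = $false
                                  Reasons = 'No HTTPS listener configured' }
    }
    foreach ($listener in $https) {
        $reasons = @()
        if ($listener.Enabled -ne 'true') { $reasons += 'Listener is disabled' }

        # The listener stores only the thumbprint; resolve it in the machine store.
        $thumb = ($listener.CertificateThumbprint -replace '\s', '').ToUpper()
        $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object { $_.Thumbprint -eq $thumb }
        if (-not $cert) {
            $reasons += "Certificate '$thumb' not found in LocalMachine\My"
        } else {
            $now = Get-Date
            if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
                $reasons += "Certificate outside validity period (NotAfter $($cert.NotAfter))"
            }
            $cn = $cert.GetNameInfo('SimpleName', $false)
            if ($cn -ne $Fqdn) { $reasons += "CN '$cn' does not match FQDN '$Fqdn'" }

            $ekus = $cert.Extensions | Where-Object { $_ -is $ekuType } |
                ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
            if ($ekus -notcontains $serverAuthOid) {
                $reasons += 'Server Authentication EKU not present'
            }
        }
        [pscustomobject]@{ Fqdn = $Fqdn; Port = $listener.Port
                           Ready = ($reasons.Count -eq 0)
                           Reasons = ($reasons -join '; ') }
    }
}
Test-WinRMHttpsReadiness | Format-List
```

A device is ready for HttpsMode "Yes" only when at least one listener reports Ready as True; any other result means that device still depends on the HTTP fallback provided by Both.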
