Can we use "Client Certificate-based Authentication" for Windows discovery with WinRM?
‎01-11-2022 08:13 AM
Hi all
A customer of mine would like to use WinRM for Windows server discovery, which is OK so far. But for authentication they want to disable Basic Authentication and instead use "Client Certificate-based Authentication". Based on the documentation this is not possible. For Windows discovery we need Windows credentials, which require a username and password.
Has anyone tried or even succeeded with this?
Thanks, Patrick
Labels: Discovery

‎01-11-2022 11:30 PM
If the customer is hesitant to give an admin ID and password for discovery, then we can think of discovering using the JEA approach or the Agent Client Collector.
Authentication using a certificate for discovering Windows servers is highly doubtful.
Regards
RP
‎01-11-2022 11:52 PM
Thanks Rahul
Agent Client Collector would be a possible solution, I agree.
With JEA we still need a username and password for the non-admin account.
I still think that "Client Certificate-based Authentication" would be a good solution. It is clearly supported by Microsoft: https://docs.microsoft.com/en-us/windows/win32/winrm/authentication-for-remote-connections#client-ce...
The similar "SSH private key credential type" is also supported and often used by ServiceNow discovery.
Regards
Patrick
‎01-12-2022 12:48 AM
"Client Certificate-based Authentication" would be a good solution - definitely, but does ServiceNow give this option to trigger? As I see it, this also has a few prerequisites in the environment (you must first enable certificate authentication on both the client and service by using the Winrm command-line tool).
Regards
RP
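
The prerequisite mentioned in the last reply (certificate authentication enabled on both the WinRM client and service, with Basic disabled as the customer wants) can be checked read-only through the `WSMan:` drive. This is an added example, not code from the thread or from ServiceNow; `Get-WinRMAuthPosture` is a hypothetical helper name, and it assumes an elevated PowerShell session on the Windows host being checked.

```powershell
# Added example: read-only audit of local WinRM authentication settings.
# Get-WinRMAuthPosture is a hypothetical helper name, not a built-in cmdlet.
function Get-WinRMAuthPosture {
    [CmdletBinding()]
    param()

    # Auth flags on both sides; the WSMan: provider returns 'true'/'false' strings.
    $auth = foreach ($side in 'Service', 'Client') {
        foreach ($method in 'Basic', 'Certificate') {
            $value = try {
                (Get-Item -Path "WSMan:\localhost\$side\Auth\$method" -ErrorAction Stop).Value
            } catch { 'unreadable' }
            # Desired state for the scenario in the thread: Basic off, Certificate on.
            $desired = if ($method -eq 'Basic') { 'false' } else { 'true' }
            [pscustomobject]@{
                Side = $side; Method = $method; Value = $value
                Compliant = ($value -eq $desired)
            }
        }
    }

    # Certificate authentication runs over TLS, so an HTTPS listener must exist.
    $https = @(Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue |
        Where-Object { $_.Keys -contains 'Transport=HTTPS' })

    # Certificate-to-account mappings; the stored Password entry is skipped.
    $mappings = @(Get-ChildItem -Path WSMan:\localhost\ClientCertificate -ErrorAction SilentlyContinue |
        ForEach-Object {
            $entry = [ordered]@{ Name = $_.Name }
            Get-ChildItem -Path "WSMan:\localhost\ClientCertificate\$($_.Name)" |
                Where-Object { $_.Name -ne 'Password' } |
                ForEach-Object { $entry[$_.Name] = $_.Value }
            [pscustomobject]$entry
        })

    [pscustomobject]@{
        AuthSettings  = $auth
        HttpsListener = ($https.Count -gt 0)
        CertMappings  = $mappings
    }
}

Get-WinRMAuthPosture | Format-List
```

Each mapping ties a client certificate to a local account, so an empty `CertMappings` list means certificate logons have no account to resolve to even when the `Certificate` flag is on.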