Can we use "Client Certificate-based Authentication" for Windows discovery with WinRM?

Patrick Zumbrun · ‎01-11-2022

Hi all

A customer of mine would like to use WinRM for windows server discovery which is ok so far. But for authentication they want to disable Basic Authentication and instead use "Client Certificate-based Authentication". Based on the documentation this is not possible. For windows discovery we need windows credentials which require username and password.

Has anyone tried or even succeeded with this?

Thanks, Patrick

Rahul Priyadars · ‎01-11-2022

If Customer is hesitant in giving Admin id and Password for discovery then we can think of discovering Using JEA approach or Use of Agent Client collector .

authentication using Certificate for discovering windows server is highly doubtful.

Regards

RP

Patrick Zumbrun · ‎01-11-2022

Thanks Rahul

Agent client collector would be a possible solution, I agree.
With JEA we still need username and password for the Non-Admin Account.

I still think that "Client Certificate-based Authentication" would be a good solution. It is clearly supported by microsoft: https://docs.microsoft.com/en-us/windows/win32/winrm/authentication-for-remote-connections#client-ce...

The similar "SSH private key credential type" is also supported and often used by ServiceNow discovery.

Regards
Patrick

Rahul Priyadars · ‎01-12-2022

Client Certificate-based Authentication" would be a good solution - Definitely but does Service Now gives this option to trigegr as i see this has few pre-Req (you must first enable certificate authentication on both the client and service by using the Winrm command line tool)also in environment.

Regards

RP