Can we use "Client Certificate-based Authentication" for Windows discovery with WinRM?

Patrick Zumbrun
Tera Contributor

‎01-11-2022 08:13 AM

Hi all

A customer of mine would like to use WinRM for windows server discovery which is ok so far. But for authentication they want to disable Basic Authentication and instead use "Client Certificate-based Authentication". Based on the documentation this is not possible. For windows discovery we need windows credentials which require username and password.

Has anyone tried or even succeeded with this?

Thanks, Patrick

Labels:
0 Helpfuls
  • 951 Views
3 REPLIES 3

Rahul Priyadars
Giga Sage
Giga Sage

‎01-11-2022 11:30 PM

If Customer is hesitant in giving Admin id and Password for discovery then we can think of discovering Using JEA approach or Use of Agent Client collector .

authentication using Certificate for discovering windows server is highly doubtful.

Regards

RP

0 Helpfuls

Patrick Zumbrun
Tera Contributor
In response to Rahul Priyadars

‎01-11-2022 11:52 PM

Thanks Rahul

Agent client collector would be a possible solution, I agree.
With JEA we still need username and password for the Non-Admin Account.

I still think that "Client Certificate-based Authentication" would be a good solution. It is clearly supported by microsoft: https://docs.microsoft.com/en-us/windows/win32/winrm/authentication-for-remote-connections#client-ce...

The similar "SSH private key credential type" is also supported and often used by ServiceNow discovery. 

Regards
Patrick

0 Helpfuls

Rahul Priyadars
Giga Sage
Giga Sage
In response to Patrick Zumbrun

‎01-12-2022 12:48 AM

Client Certificate-based Authentication" would be a good solution - Definitely but does Service Now gives this option to trigegr as i see this has few pre-Req  (you must first enable certificate authentication on both the client and service by using the Winrm command line tool)also in environment.

Regards

RP

0 Helpfuls