Really need some direction in getting a solution working. I am using
the WinRM ruby gem to invoke commands to Windows boxes over WinRM from
Linux servers. This is our requirement.
We will be making those WinRM calls over SSL. The WinRM gem requires
the httpclient gem. This is where I’m running into trouble. When I
make my WinRM call using SSL, the call fails with the following:
`connect’: SSL_connect returned=1errno=0 state=SSLv3 read server
certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
This is because the httpclient uses a provided trust anchor (cacert.p7s)
that trusts some CAs. Obviously it doesn’t trust my internal Microsoft
root CA, but I need it to. My Windows boxes that will have commands run
against they have a certificate from our Microsoft CA. I just can’t
figure out how to “fix” httpclient to trust my root CA.
What I’m looking for is some code example from someone successfully
doing something like this, not necessarily from a Microsoft CA but
successfully changing the anchor trust because I can’t figure out how to
do it myself. I am a relative ruby noob unfortunately so the
documentation in the httpclient is over my head as far as how to change
the code. I have an exported certificate chain ready to go, I just
don’t know how to get it to use mine instead of the provided trust
anchor. Desperate for any guidance here. Thanks!