> For the complete documentation index, see [llms.txt](https://notes.shashwatshah.me/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://notes.shashwatshah.me/windows/active-directory/winrm-using-certificate-pfx.md).

# Winrm Using Certificate\[PFX]

### From Windows

First, import the certificate and then use Powershell script to get a session over `winrm`.&#x20;

```powershell
param (
    [string]$ComputerName = $(throw "-ComputerName is required."),
    [string]$CertificateSubject = $(throw "-CertificateSubject is required.")
 )

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store(
    [System.Security.Cryptography.X509Certificates.StoreName]::My,
    [System.Security.Cryptography.X509Certificates.StoreLocation]::CurrentUser)
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)

foreach($cert in $store.Certificates) {
    if ($cert.Subject -eq $CertificateSubject) {
        $sessionCert = $cert
        break
    }
}

if (!$sessionCert) {
    throw "An X509 certificate matching subject `"$CertificateSubject`" could not be found."
}

$opt = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck
$session = New-PSSession -ComputerName $ComputerName -UseSSL -CertificateThumbprint $sessionCert.Thumbprint -SessionOption $opt
Enter-PSSession $session
```

For this we need a valid certificate, `ComputerName` and `CertificateSubject`. We can simply use `IP` as `ComputerName` and for `CertificateSubject`, we dump data from the certificate using `certutil`.\
Command => `certutil -dump .\0xEr3bus.pfx`\
Looking at the output we see `Issuer: CN=Erebus`, This is the `CertificateSubject`\
Now run the command ==> \
`.\`session.`ps1 -ComputerName 10.10.xx.xx -CertificateSubject "CN=Erebus"`

### For Linux

Reference => [Link](https://www.ibm.com/docs/en/arl/9.7?topic=certification-extracting-certificate-keys-from-pfx-file#r_extratsslcert__keypwd)

```ruby
openssl pkcs12 -in 0xEr3bus.pfx -nocerts -out private.pem
openssl pkcs12 -in 0xEr3bus.pfx -clcerts -nokeys -out cert.crt
openssl rsa -in private.pem -out private2.pem
evil-winrm -i 10.xx.xx.xx -u <UserName> -k $PWD/private2.pem -c $PWD/cert.crt -p ''
```
