CZERTAINLY / CZERTAINLY-Core

CZERTAINLY - core of the platform managing certificate lifecycle management related tasks
https://www.czertainly.com
MIT License

Unable to create HTTPS WinRM connection #869

Closed doloban closed 1 week ago

doloban commented 2 weeks ago

When trying to create HTTPS connection I get the following error:

Failed to update Authority (502): {"message": "HTTPSConnectionPool(host='censored.ca.hostname', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(, 'Connection to censored.ca.hostname timed out. (connect timeout=30)'))"} Error is related to connector name=PY ADCS Connector, uuid=censored.uuid. Original response code 500 INTERNAL_SERVER_ERROR.

HTTP connection works fine. Followed through your documentation of WinRM: https://docs.czertainly.com/docs/certificate-key/integration-guides/adcs/winrm-configuration/. Everything should be configured, Network Service account has access to the private keys of TLS cert. The CA that issued the TLS cert is in CZERTAINLY's trusted-certs list. I do not see the issue, could you help me please? It could be maybe something related to FW.

3keyroman commented 1 week ago

Hello @doloban, which version of the platform and connector are you using? Do you think you can share DEBUG logs from PyADCS Connector?

doloban commented 1 week ago

Hello, sure. CZERTAINLY is 2.13, PYADCS has default version, so 1.1.2. https-error.log

3keyroman commented 1 week ago

Based on the logs it seems that the connection to your server on port 5986 is not available. Can you check the firewall rules?

I do not see any messages related to having issues with the configuration of trust.

doloban commented 1 week ago

It truly was because of the unavailable connection to port 5986. Thanks.
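
The diagnosis in this thread depends on telling a TCP-level failure (firewall, no listener) apart from a TLS trust failure on port 5986. The following is an added example, not code from the thread or from the CZERTAINLY project: a standard-library Python probe that reports the first layer at which the connection fails. The function name `probe_winrm_https` and its result strings are hypothetical; the CA bundle path is supplied by the caller.

```python
import socket
import ssl
import sys


def probe_winrm_https(host, port=5986, cafile=None, timeout=5.0):
    """Return the first layer at which an HTTPS WinRM connection fails."""
    # Layer 1: DNS and TCP. A timeout here means packets are being dropped
    # on the way (typically a firewall); a refusal means nothing listens.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "dns_failed"
    except socket.timeout:
        return "tcp_timeout"
    except ConnectionRefusedError:
        return "tcp_refused"
    except OSError:
        return "tcp_error"

    # Layer 2: TLS. Only reached once the port is reachable, so certificate
    # trust problems can only surface from this point on.
    ctx = ssl.create_default_context(cafile=cafile)  # cafile=None: system trust store
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok:" + str(tls.version())
    except ssl.SSLCertVerificationError:
        return "tls_untrusted"
    except (ssl.SSLError, socket.timeout, OSError):
        return "tls_handshake_failed"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe.py <host> [path-to-ca-bundle.pem]
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <host> [cafile]")
    bundle = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe_winrm_https(sys.argv[1], cafile=bundle))
```

Run it from the host or container where the connector runs, since that is the network path the firewall rules apply to. A `tcp_timeout` result matches the `ConnectTimeoutError` in the error above; `tls_untrusted` would instead point at the trusted-certs configuration.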