HTTPS with self-signed cert

[gqnelson]

I can't get winrm plugin to work over https.

We created a self-signed cert on the node. Changed auth type to ssl and the winrm port to 5986.

The job hangs for a while and then fails with this error:

/usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient/session.rb:800:in `rescue in block in parse_header': HTTPClient::KeepAliveDisconnected: Connection reset by peer (HTTPClient::KeepAliveDisconnected)
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient/session.rb:791:in `block in parse_header'
from /usr/local/rvm/rubies/ruby-1.9.3-p551/lib/ruby/1.9.1/timeout.rb:69:in `timeout'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient/session.rb:788:in `parse_header'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient/session.rb:771:in `read_header'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient/session.rb:547:in `get_header'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient.rb:1294:in `do_get_header'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient.rb:1241:in `do_get_block'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient.rb:1021:in `block in do_request'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient.rb:1134:in `rescue in protect_keep_alive_disconnected'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient.rb:1128:in `protect_keep_alive_disconnected'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient.rb:1016:in `do_request'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient.rb:858:in `request'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/httpclient-2.7.1/lib/httpclient.rb:761:in `post'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/http/transport.rb:224:in `init_auth'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/http/transport.rb:166:in `send_request'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/winrm_service.rb:489:in `send_message'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/winrm_service.rb:390:in `run_wql'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/command_executor.rb:186:in `os_version'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/command_executor.rb:145:in `code_page'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/command_executor.rb:72:in `block in open'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/command_executor.rb:218:in `retryable'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/command_executor.rb:71:in `open'
WARN  WinRM::WinRMWebService : [WinRM] connection failed, terminating (#<HTTPClient::KeepAliveDisconnected: HTTPClient::KeepAliveDisconnected: Connection reset by peer>)
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/winrm_service.rb:356:in `create_executor'
from /usr/local/rvm/gems/ruby-1.9.3-p551/gems/winrm-1.7.3/lib/winrm/winrm_service.rb:342:in `run_powershell_script'
from /etc/tomcat6/rundeck/libext/cache/rd-winrm-plugin-1.3.2/winrmexe.rb:105:in `<main>'

[spuder]

Sorry I don' know how much help I can be here since I've never tried it with self signed certs. It may not even work.

This rundeck plugin wraps around the winrm ruby gem. Perhaps try testing by calling winrm natively using irb

https://github.com/WinRb/WinRM#ssl

https://github.com/WinRb/WinRM

[vvchik]

fixed by #25

[mkhpalm]

I think what he's asking for is: no_ssl_peer_verification

Example hard coded fix:

WinRM::WinRMWebService.new(endpoint, :ssl, user: user, pass: pass, disable_sspi: true, :no_ssl_peer_verification => true)

Rather than hard coding, it should really be an option for the plugin.