Connect to target using SSL with a different name than certificate

Q. I want to connect to a target server over HTTPS with PowerShell with a name other than its certificate common name, can I?

A. Yes, this is possible, but it is not something you should be doing. Using HTTPS gives the client two things: encryption and assurance that the target server is who it says it is (mutual authentication). With the name check disabled, the target could be anyone, since the name does not have to match the certificate. To skip the name check, create a session option object and use it for the connection:

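$cred = Get-Credential   # credential for the target server
# -SkipCNCheck disables the certificate name check for this session
$option = New-PSSessionOption -SkipCNCheck
Enter-PSSession -ComputerName workgroupsrv -SessionOption $option -Credential $cred -UseSSL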

It is now possible to connect using a name other than the server name in the certificate. The encryption is still present but the mutual authentication is no longer assured.

Note that another option is -SkipCACheck, which allows the connection even if the certificate was issued by a CA that the client does not trust.
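
Before using either switch, it helps to know which certificate check actually fails for the name you plan to connect with. The following is an added example, not code from the original FAQ: the function name Test-WinRMCertificate is hypothetical, port 5986 (the default WinRM HTTPS port) is an assumption, and it is written for Windows PowerShell. It completes a TLS handshake only to record the validation result and sends no data.

```powershell
# Added example: report which TLS checks fail for a WinRM HTTPS endpoint.
# Test-WinRMCertificate is a hypothetical helper name, not a built-in cmdlet.
function Test-WinRMCertificate {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $Port = 5986   # assumption: default WinRM HTTPS listener port
    )

    $seen = @{ Errors = $null; Cert = $null }

    # Record what validation reported instead of acting on it.
    # Returning $true lets the handshake finish so the result can be read.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $policyErrors)
        $seen.Errors = $policyErrors
        $seen.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cert)
        $true
    }.GetNewClosure()

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ComputerName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # The name passed here is the name the certificate is checked against.
        try { $ssl.AuthenticateAsClient($ComputerName) } finally { $ssl.Dispose() }
    } finally {
        $tcp.Dispose()
    }

    $policy  = [System.Net.Security.SslPolicyErrors]
    $dnsType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    [pscustomobject]@{
        ConnectedAs  = $ComputerName
        Subject      = $seen.Cert.Subject
        CertDnsName  = $seen.Cert.GetNameInfo($dnsType, $false)
        NotAfter     = $seen.Cert.NotAfter
        NameMatches  = -not $seen.Errors.HasFlag($policy::RemoteCertificateNameMismatch)
        ChainTrusted = -not $seen.Errors.HasFlag($policy::RemoteCertificateChainErrors)
    }
}

Test-WinRMCertificate -ComputerName workgroupsrv
```

NameMatches = False is the condition -SkipCNCheck would hide, and ChainTrusted = False is the condition -SkipCACheck would hide. Connecting with the name shown in CertDnsName, or reissuing the certificate with the name you use, removes the need for either switch.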
