https://docs.ansible.com/ansible/2.6/user_guide/windows_winrm.html#certificate
For setting up Ansible to communicate with Windows Servers via WinRM pywinrm needs to be installed on anisble server
pip install pywinrm
winrm quickconfig
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
For proper WinRM communication over HTTPS using selfsigncert download this PowerShell scrip from Ansible GITHUB Repo
https://github.com/ansible/ansible/blob/devel/examples/scripts/ConfigureRemotingForAnsible.ps1
.\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert
winrm enumerate winrm/config/listeners
Shutdown windows server (for reboots use win_reboot module). Also this is only for Dev use, Never shutdown a server outside DEV:
ansible -i hosts windows -m raw -a "Stop-Computer -Force" --ask-pass
ansible -i hosts -m raw -a "Get-PSDrive C,D" windows --ask-pass
Get-ChildItem -path cert:\LocalMachine\My
$selector_set = @{
Address = "*"
Transport = "HTTPS"
}
$value_set = @{
CertificateThumbprint = "?33C42A60F6FDD08707F851625097163D1C14C0C8"
}
New-WSManInstance -ResourceURI "winrm/config/Listener" -SelectorSet $selector_set -ValueSet $value_set -UseSSL
New-WSManInstance winrm/config/Listener -SelectorSet @{Address="*";Transport="HTTPS"} -ValueSet @{CertificateThumbprint = "??33C42A60F6FDD08707F851625097163D1C14C0C8"}
Remove-Item -Path WSMan:\localhost\Listener* -Recurse -Force
Get-ChildItem -Path WSMan:\localhost\Listener | Where-Object { $_.Keys -contains "Transport=HTTPS" } | Remove-Item -Recurse -Force
winrm set winrm/config/service '@{AllowUnencrypted="false"}'
winrm set winrm/config/client '@{AllowUnencrypted="false"}'
winrm get winrm/config
openssl pkcs12 -in file.pfx -out file.pem -nodes