To HTTPS or not to HTTPS?


This topic contains 3 replies, has 3 voices, and was last updated 3 years, 7 months ago.

  • #26493

    Points: 0
    Rank: Member

    I figure this has been asked countless times over, but for some reason I cannot find a definitive answer. Maybe I'm a bad googler.

    So with PoSH remoting within a domain environment, I have seen articles stating basic HTTP provides security in authentication and more so the entire session?

    So what is the reason for enabling the endpoint to use HTTPS?

    Pros, cons, whys?

  • #26494

    Points: 0
    Rank: Member

    HTTPS can still be valuable if you're not using Kerberos authentication (such as in environments where there is no Active Directory domain, or the client and server are in separate domains with no trust relationship, etc.)

  • #26495

    Points: 1,785
    Helping Hand, Team Member
    Rank: Community Hero

    In a domain environment, your credential is never transmitted, so HTTPS does not improve authentication. In a domain environment, mutual authentication is built into the Kerberos protocol, so HTTPS does not provide that. In a domain environment, HTTPS encrypts the transmission. However, WS-MAN already applies encryption to a level of the transmission.

    So in a domain environment, HTTP gets you everything you need in terms of protecting authentication; HTTP does not encrypt the entire channel in the same way, but whether or not you feel you need that is very much subject to your circumstances.

    HTTPS is used when a domain is not available. It provides protection for Basic authentication, where credentials would otherwise be transmitted in the clear, and it provides mutual authentication. This is pretty clearly explained in "Secrets of PowerShell Remoting," which is free (Resources menu on this site).
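
The reply above, turned into a check a defender can run against a remoting endpoint. This is an added example, not code from the thread or from "Secrets of PowerShell Remoting"; the function name `Test-RemotingTransport` and the severity labels are hypothetical, and the logic assumes the local WinRM service configuration is what you want to audit.

```powershell
# Added example (not from the thread). Run elevated on the machine hosting the endpoint.
function Test-RemotingTransport {
    param(
        [bool]$DomainJoined, [bool]$KerberosEnabled, [bool]$BasicEnabled,
        [bool]$AllowUnencrypted, [string[]]$Transports
    )
    $hasHttps = $Transports -contains 'HTTPS'
    $findings = @()
    # Basic sends the credential itself, so it must never be reachable over plain HTTP.
    if ($BasicEnabled -and $AllowUnencrypted) {
        $findings += 'HIGH: Basic auth is enabled and unencrypted traffic is allowed; credentials can cross the wire in the clear.'
    }
    if ($BasicEnabled -and -not $hasHttps) {
        $findings += 'HIGH: Basic auth is enabled but there is no HTTPS listener to protect it.'
    }
    # Without a domain there is no Kerberos, so HTTPS has to supply mutual authentication.
    if (-not $DomainJoined -and -not $hasHttps) {
        $findings += 'MEDIUM: Not domain joined and no HTTPS listener to provide mutual authentication.'
    }
    # Domain case from the thread: authentication is already protected over HTTP.
    if (-not $findings -and $DomainJoined -and $KerberosEnabled) {
        $findings += 'INFO: Kerberos protects authentication over HTTP; add HTTPS only if the entire channel must be encrypted.'
    }
    $findings
}

# Read the transports of the configured listeners from their Keys (e.g. "Transport=HTTP").
$transports = Get-ChildItem WSMan:\localhost\Listener |
    ForEach-Object { $_.Keys } |
    Where-Object { $_ -like 'Transport=*' } |
    ForEach-Object { ($_ -split '=')[1] }

# Collect the live service settings and evaluate them.
$live = @{
    DomainJoined     = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    KerberosEnabled  = (Get-Item WSMan:\localhost\Service\Auth\Kerberos).Value -eq 'true'
    BasicEnabled     = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true'
    AllowUnencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true'
    Transports       = $transports
}
Test-RemotingTransport @live
```

The function takes plain values, so it can also be fed settings collected from other machines instead of the local `WSMan:` drive.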

  • #26497

    Points: 0
    Rank: Member

    Excellent, this helps tremendously. Thank you.
