Wsman clear text password - security issues

Let me briefly explain my scenario.

Our opennms application opens with https and no longer with http. Even grafana has been configured with the same certificate.

We are using wsman without any connections to windows ad.

As soon as i configured wsman, our security team (bless them) has tagged the connections to the servers as risky because the POST credential are being done in clear text.

The server has been blacklisted unless we mask the credentials. Somone told me that all i need to do is to switch to 5986 and toggle ssl=“true”. I did all these but still nothing worked.

Any ideas please??


You either need to configure a HTTPS listener for wsman on your Windows machines, or you need to configure Kerberos on your OpenNMS instance (or both!). Either of those options remove the need for a plaintext password to go over the wire.