Microsoft Remote Desktop Certificate

From My Notepad
Jump to: navigation, search


This process can be automated if you are running Microsoft CA services, otherwise use the manual processes below.

Manually replacing RDP certificate

Install the new certificate in the Local Computer Personal store:

# If no password is needed
Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\My -FilePath cert.pfx

# If a password is needed
$mypwd = Get-Credential -UserName 'Enter password below' -Message 'Enter password below'
Import-PfxCertificate -CertStoreLocation Cert:\LocalMachine\My -Password $mypwd.Password -FilePath cert.pfx

After installing the new certificate in the Local Computer Personal store, run the following commands:

Set-Location Cert:\LocalMachine\my
# Pick the Thumbprint of the certificate you wish to use

#Replace Certificate for RDS 
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="[new_cert_thumbprint]"

# Verify
Get-WmiObject "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"

This effectively updates the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SSLCertificateSHA1Hash