How to configure Administrator RDP with LE Certificate (non AD server)


#1

I am trying to figure out how to configure the RDP service to use my LE certificate for incoming RDP sessions to get rid of the annoying warning about the default certificate not being verified. What I have found involves AD connected machines, and this is a standalone IIS server. I know there is not a lot of information here, and not sure what you need, so feel free to ask for any details you need.

BTW I am using Certify the Web application to automate the certificate renewals.

I have searched but did not find what I was looking for, so if it does already exist and I just missed it, please provide me with the link, and accept my apologies for the duplicate posting. :slight_smile:


#3

So basically I need to import the existing certificate (currently under Personal) into the Remote Desktop Certificates folder.

If this is correct, will the certificate update when Certify renews the certificate, or will I have to reimport it?


#4

(Actually that previous method won’t work)

I will give you a sample of a method that can work.
But it is up to you to get all the pieces of the puzzle to automate it with LE.
It is from work I did to prove you can use a SHA256 bit RDP cert (some systems still defaulted to SHA1) in March of 2017. But it lays the groundwork for what your trying to do.


#5

Ok thanks for your help :slight_smile:


#6

Here goes…

Simple 256 bit RDP cert (expires 8/3/2044) install

  1. Install RDP256.PFX (password=256) into computer default location.
  2. Run this command as admin:
    wmic /namespace:\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash=“cb7eb3d0e0da1f8c3fa282bf096a00331276c679”
  3. restart remote desktop services or reboot

#7

You can get a copy of the pfx file at:
https://zerofive.com/rdp256.pfx


#8

Here are some screenshots of the cert in action:
image



#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.