Since we’re setting up our local network with a domain, I’d like to properly secure our connections to Remote Desktop sessions. One might argue that using self-signed certificated is valid in the context of the local network, but I don’t like the idea of collecting self-signed certificates in my key…

The Tricky Bit If you are using Remote Desktop Gateway use instructions here: Select an Existing Certificate for Remote Desktop Gateway | Microsoft Learn If you want this for a standalone server (my case) then use instructions here: Remote Desktop listener certificate configurations - Windows Serv…

this is a fairly manual process but it works it’s up to you if you use certbot on windows (read my other article on how to get this working) or one of the other clients such as ACME Sharp or https://github.com/Lone-Coder/letsencrypt-win-simple you can write the remote desktop update as a hook afte…

Thanks for all these details, @ahaw021 ! They should be super-useful and I’ll try to remember this thread in case people ask about this in the future. For removing the spaces from the fingerprint, do you have an equivalent of tr in the Windows command line, maybe with Powershell? In Unix you could u…

I would use the replace powerhsell command. there is a trim command in powershell but it removes leading and tailing spaces so not what we are after in this case :smiley: i usually do things "manually" first and then write the scripts e.g. $SHATHUMB = " 90 JF EF 83 DF" $SHATHUM = $SHATHUMB.rep…

Andrei, your posts are awesome! I’m glad you shared your knowledge here. Also, I didn’t know about https://zerossl.com , it’s a great starting point for experimentation! I bookmarked this conversation so that I can try to accomplish the same on my own, later on when I’ll set this up. As far I unde…

[image] ahaw021: read my other article on how to get this working You mean this? [image] Running Certbot on Windows - Phase 1 Client dev H… Bookmarked too.

yes that’s the one article this is where i am currently having challenges with windows i am trying to figure out how to put the RSA key in to the store. There is no point having a cert without a key. PFX allows us to do this. There is the certutil.exe utility which will generate a CSR and create…

in the mean time if openssl is on the system the openssl syntax can be scripted but i would like to do as much as i can with windows native tools :smiley: Andrei

there is also a library called iis_bridge which I am quite impressed with. so tossing up how to create an IIS installer plugin at the moment :smiley: whether to use hooks or the plugin system sorry for the ramblings :smiley: Andrei

No, that’s all good to know! And I agree that less external dependencies the better. Are you going to publish your scripts in a nice configurable way?

Using Let's Encrypt to secure Windows Remote Desktop connections

Server

mcdado March 16, 2017, 9:11am 10

You mean this?

Bookmarked too.

Topic		Replies	Views
Alternative of certbot and dns-rfc2136 plugin on Windows Help	9	2198	January 9, 2021
Remote desktop cert warning Help	24	5027	November 19, 2021
How am I supposed, for God's sake, to get let's encrypt's certificates using Windows, without setting up a web server? Help	20	5478	September 23, 2020
Configuring Internal Environment to Suit Externally Validated Domains Help	13	4130	June 14, 2017
How Letsencrypt work for windows IIS?	106	160075	June 14, 2020

Using Let's Encrypt to secure Windows Remote Desktop connections

Related topics