How to Use an SSL Certificate for RDP by Using a Windows Management Instrumentation (WMI) Script

1. Start Microsoft Management Console (MMC) Tool and import the Personal SSL certificate for the computer account

1.1 Click Start -> Run -> Enter MMC and click OK

1.2 Click File -> Add/Remove Snap-In...

1.3 Select Certificates in the left panel and click Add to move it to the right panel, then click OK

1.4 Select Computer Account option and click Next

1.5 Click Finish

1.6 Click OK

1.7 Expand Certificates Node and right click Personal -> Certificates -> All Tasks -> Import

1.8 Click 'Browse' to select correct Certificate file and click Next

1.9 Click "Finish" to complete the certificate Import Wizard

2. Click the imported certificate, and in the 'Details' option, scroll down to the Thumbprint field and copy the space-delimited hexadecimal string into a .txt file

3. Remove all spaces in the string from the .txt file

Note: Also watch for and remove a non-ASCII character that sometimes gets copied just before the first character of the string. It is not visible in Notepad. You may see it when you run the command in step 4.

4. At a command prompt, run the following wmic command with the thumbprint

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="d4274aea12dbfff5c11c389d8c7d1f23e76932cf"

If the cmd command does not work, you can also use the following PowerShell commands:

# Get the RDP listener settings object, then write the thumbprint to it by its WMI path
$TSGS = Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace "root\cimv2\terminalservices"
Set-WmiInstance -Path $TSGS.__PATH -Arguments @{SSLCertificateSHA1Hash="d4274aea12dbfff5c11c389d8c7d1f23e76932cf"}

The RDP certificate can be easily set with the tool MicrosoftEasyFix20151.mini.diagcab.

5. Test RDP authentication connection

Note:
1. You need to use your certificate name rather than your server IP to connect to your server.
2. The certificate name must point to the server IP.
3. The referenced article is https://support.microsoft.com/en-au/help/3042780/remote-desktop-listener-certificate-configurations-in-windows-server-2
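
Steps 2 to 4 combined into one Windows PowerShell script, as an added example that is not part of the original article: it strips the spaces and the invisible character from the copied thumbprint, checks the certificate in the computer account's Personal store, applies it to the listener and reads the setting back. The function names and the sample input are hypothetical, and the U+200E character in the sample is an assumption about which invisible character gets copied.

```powershell
# Added example, not from the original article. Run in an elevated
# Windows PowerShell session (Get-WmiObject is not available in PowerShell 7).
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    # Steps 2-3 and the note: keep hex digits only, which removes the spaces
    # and any invisible non-ASCII character copied from the Details dialog.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters for a SHA-1 thumbprint, got $($clean.Length)."
    }
    return $clean
}

function Set-RdpListenerCertificate {
    param([Parameter(Mandatory)][string]$RawThumbprint)
    $thumbprint = ConvertTo-CleanThumbprint -Raw $RawThumbprint

    # The certificate must be in the computer account's Personal store (step 1),
    # carry its private key, and still be within its validity period.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction SilentlyContinue
    if (-not $cert) { throw "No certificate $thumbprint in Cert:\LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumbprint has no private key." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

    # Step 4: same WMI class and property as the commands in the article.
    $tsgs = Get-WmiObject -Class 'Win32_TSGeneralSetting' -Namespace 'root\cimv2\terminalservices'
    Set-WmiInstance -Path $tsgs.__PATH -Arguments @{ SSLCertificateSHA1Hash = $thumbprint } | Out-Null

    # Read the value back so a silent failure does not go unnoticed.
    $applied = (Get-WmiObject -Class 'Win32_TSGeneralSetting' -Namespace 'root\cimv2\terminalservices').SSLCertificateSHA1Hash
    if ($applied -ne $thumbprint) { throw "Listener reports '$applied', expected '$thumbprint'." }
    "RDP listener now uses $thumbprint ($($cert.Subject), expires $($cert.NotAfter))"
}

# Constructed sample input: the article's example thumbprint as copied with
# spaces, preceded by an invisible U+200E mark (assumed character).
$sample = "$([char]0x200E)d4 27 4a ea 12 db ff f5 c1 1c 38 9d 8c 7d 1f 23 e7 69 32 cf"
Set-RdpListenerCertificate -RawThumbprint $sample
```

Replace the sample string with the thumbprint copied from your own certificate; with the sample value the script stops at the store check unless that certificate is installed.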