question

0 Votes
GiorgioM-4220 asked Jingruihan-MSFT commented

self-signed certificate for remote desktop

I have two workstations connected in a serverless workgroup.
They are connected by remote desktop with a certificate that expires every 6 months.
I need to create a new certificate that expires in 10 years and use it for the next connection.
I performed these operations:

  • From the host, I created a self-signed certificate that expires in ten years

  • From the host I exported the certificate

  • Imported the certificate in the client

How do I configure the two workstations in order to connect with the new self-signed certificate?

Thanks

Giorgio.M


remote-desktop-client

1 Answer

1 Vote
Jingruihan-MSFT answered Jingruihan-MSFT commented

In your position, I'd recommend that you add certificates to the Trusted Root Certification Authorities store for a local computer. In other words, you have to import the self-signed certificates to the Trusted Root Certification Authorities store on the client workstation.
Launch MMC (mmc.exe).
Choose File > Add/Remove Snap-ins.
Choose Certificates, then choose Add.
Choose Computer Account.
Import the new certificate to Console Root\Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates. Specify the file you want to import and follow the instructions in the wizard to complete the process.


Thanks for your answer, but I need to use a self-signed certificate and I would like to understand the procedure to configure the two workstations in order to use the new certificate.

0 Votes 0 ·

Hi Giorgio.M

As you said, using self-signed certificates works for serverless workgroup purposes. It is necessary to install the certificate on all of the RD Session Host servers manually. This is because there is no way to do this using the Server Manager GUI, and the certificate is not applied to session host servers automatically when configuring the certificates on the other roles. You may set the certificate using WMI. Please import the certificate and its private key into each RDSH server's Local Computer\Personal store (using the Certificates MMC snap-in), then run the following command in an administrator command prompt:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="e2f034c171b92afc96b23b7f4da15728c1e461a9"

I hope this is of some help.

1 Vote 1 ·

Hi Jingruihan,
the new certificate, will I create it from the Remote Desktop server or from the other workstation?

Thanks

Bye

0 Votes 0 ·

Thanks @JimmyYang-MSFT,
this solution is right, now it runs

Thanks

Bye

0 Votes 0 ·
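The procedure discussed in this thread, written out as an added PowerShell example (it is not part of the original posts): create the 10-year certificate on the host, bind it to the RDP listener through the same Win32_TSGeneralSetting property the wmic command sets, and trust it on the client. Assumptions: elevated sessions on both machines, a Windows version whose New-SelfSignedCertificate supports -NotAfter, the client connects using the host's computer name, and C:\Temp\rdp-host.cer is a hypothetical path in an existing folder.

```powershell
# Added example, not from the thread. Run each part in an elevated PowerShell session.

# --- Part 1: on the Remote Desktop host ---
# Assumption: the client connects using this name, so it must be the certificate subject.
$hostName = $env:COMPUTERNAME

# Create the certificate and its private key in Local Computer\Personal, valid for 10 years.
$cert = New-SelfSignedCertificate -DnsName $hostName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddYears(10)

# Export only the public certificate. The private key never leaves the host.
# C:\Temp\rdp-host.cer is a hypothetical path; the folder must already exist.
Export-Certificate -Cert $cert -FilePath 'C:\Temp\rdp-host.cer' | Out-Null

# Bind the certificate to the RDP listener by thumbprint.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
Set-CimInstance -InputObject $listener `
    -Property @{ SSLCertificateSHA1Hash = $cert.Thumbprint }

# Read the setting back and fail loudly if the listener is not using the new certificate.
$bound = (Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash
if ($bound -ne $cert.Thumbprint) {
    throw "RDP listener is bound to $bound, expected $($cert.Thumbprint)"
}
"Listener bound to $bound, valid until $($cert.NotAfter)"

# --- Part 2: on the client, after copying rdp-host.cer over ---
# Import the public certificate into Local Computer\Trusted Root Certification Authorities.
$trusted = Import-Certificate -FilePath 'C:\Temp\rdp-host.cer' `
    -CertStoreLocation 'Cert:\LocalMachine\Root'

# Compare this thumbprint with the one printed on the host before relying on the trust.
$trusted | Format-List Subject, Thumbprint, NotAfter
```

If the thumbprint shown on the client differs from the one the host printed, the wrong file was imported and it should be removed from the Root store.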