Saturday, June 1, 2019

Install a SSL Certificate into Remote Desktop / Terminal Server using MMC

How to Install a SSL Certificate into Remote Desktop / Terminal Server

This little tech tidbit is for those who like to use terminal servers or remote desktop to logon to their servers.  I will explain how to install a trusted certificate into terminal services. The first thing you need to do is the get a SSL certificate as a Standard PEM. You can get free SSL from SSLForFree.com, you should download the certificate and then use SSL Shopper's conversion tool to convert it to PFX/PKCS#12 form.  

Step 1 convert it from PEM to PKFS/12, using the sslshopper website converter
Step 2 Open MMC, add the Certificates plugin, as Computer Account, or just run certlm.msc
Step 3 Import the new certificate into your Personal Store
Step 4 Copy the new certificate into the Remote Desktop Branch
Step 5 Use this magic command to assign this certificate to terminal services.
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="PUT-the-THUMB-print-HERE"

Open your new certificate, and then Get the thumbprint from the certificate. It will look like this:
‎3b a2 15 ac 85 a3 ee 56 9b 2e 55 73 de 22 55 29 cb d4 8a 05

Put the thumbprint without spaces in the following command below. Be sure to use PowerShell. you can also use cmd.exe as Administrator to run this command. wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="PUT-the-THUMB-print-HERE"  copy this command to a administrative command prompt or powershell and hit enter. It should say successful and will now use the certificate you choose.

Screenshots from the import a SSL certificate process
Here's a great video that shows the process.

No comments:

Post a Comment