Configure SSL Certificate on RDS Server with Powershell

After installing an SSL certificate on an RDS server, a warning may still be displayed when connecting. You will see the following message:

The identity of the remote computer cannot be verified. Do you want to connect anyway?

The information in the message lists the publisher as: Unknown publisher.

Problem

This message is displayed because (most likely) a self-signed certificate is being used to establish the connection. When you click Show Details, you will see the domain of the server listed under: Name in the certificate from the remote computer. This indicates that the certificate was signed by the server itself, so the issuer of the certificate is not considered trusted.

Solution

This problem can be solved by assigning the certificate via PowerShell. Run the following two commands, in order, to assign the certificate:

  • $path = (Get-WmiObject "Win32_TSGeneralSetting" -ComputerName "<RDS Server Name>" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
  • Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="<Thumbprint>"}

Adjust the values between <>.

Note: The certificate must be installed in the Personal folder in the MMC.


If the PowerShell command fails, you can also assign the certificate via the command line, using this command:

  • wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="<THUMBPRINT>"


After the SSL certificate has been assigned, the Remote Desktop connection is established with that SSL certificate. The warning will then no longer appear.
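The assignment above, written as an added example script that is not part of the original article: it checks the certificate before binding it and reads the listener setting back afterwards. It assumes it is saved as a script (the name Set-RdpListenerCertificate.ps1 is hypothetical), run elevated on the RDS server itself, and that the "Personal folder" corresponds to the Cert:\LocalMachine\My store.

```powershell
# Added example (not from the original article). Usage: .\Set-RdpListenerCertificate.ps1 -Thumbprint "<Thumbprint>"
param([Parameter(Mandatory)][string]$Thumbprint)

# Thumbprints copied from the certificate dialog can contain spaces or invisible characters.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumb.Length -ne 40) { throw "Expected a 40-character SHA-1 thumbprint, got $($thumb.Length) characters." }

# Assumption: the "Personal folder" of the article is the computer's Personal store.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw 'The certificate has no private key on this server.' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { throw 'The certificate is outside its validity period.' }

# If the certificate restricts its usage, Server Authentication (OID 1.3.6.1.5.5.7.3.1) must be allowed.
$eku = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($eku -and ($usages -notcontains '1.3.6.1.5.5.7.3.1')) { throw 'The certificate is not valid for Server Authentication.' }

# Subject equal to Issuer means self-signed, which is the cause of the warning described above.
if ($cert.Subject -eq $cert.Issuer) {
    Write-Warning 'This certificate is self-signed; clients that do not trust it will still show the warning.'
}

# Bind the certificate to the RDP-Tcp listener (same WMI class and property as the commands above).
$ns = 'root\cimv2\TerminalServices'
$listener = Get-CimInstance -Namespace $ns -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$previous = $listener.SSLCertificateSHA1Hash
Set-CimInstance -InputObject $listener -Property @{ SSLCertificateSHA1Hash = $thumb } -ErrorAction Stop

# Read the setting back so a silent failure is visible.
$current = (Get-CimInstance -Namespace $ns -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash
[pscustomobject]@{
    Subject            = $cert.Subject
    Issuer             = $cert.Issuer
    PreviousThumbprint = $previous
    CurrentThumbprint  = $current
    Applied            = ($current -eq $thumb)
}
```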
