How to Install a Custom Certificate on an RDP Server

I was working on a Server 2012 R2 Standard machine today that still had its initial self-signed SSL certificate. I needed to replace that certificate so that IIS and Remote Desktop would stop warning users about the security issue. In Server 2008, you could select which certificate you wanted Remote Desktop connections to use. In Server 2012 that GUI has been removed. It took me a little while to get everything working on Server 2012, but these are the steps I took. I hope this helps someone else later on!

1. Get the thumbprint of the SSL certificate you want Remote Desktop to use
   a. Press Windows + R
   b. Type in mmc and hit Enter
   c. Press Control + M (or File -> Add/Remove Snap-in)
   d. Click on “Certificates” in the “Available snap-ins:” section
   e. Click the “Add >” button
   f. Select “Computer account”
   g. Click Next
   h. Select “Local Computer:”
   i. Click the “Finish” button
   j. Click the “OK” button
   k. Open “Certificates (Local Computer)”, then “Personal”, and then the “Certificates” subfolder
   l. Double-click the certificate you want Remote Desktop to use
   m. Click the “Details” tab
   n. Select “All” under “Show:”, scroll down to the “Thumbprint” field and select it
   o. Copy the text of the hash
   p. Remove all spaces from your copied hash

2. Open “PowerShell” as an Administrator

3. Run these PowerShell commands (replace YOUR HASH HERE with the thumbprint you copied in step 1 above). You can run each line one after the other.

$TSGeneralSetting = Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'"
$Hash = "YOUR HASH HERE"
$TSGeneralSetting.SSLCertificateSHA1Hash = $Hash
$TSGeneralSetting.put()

PowerShell should report that the change was applied successfully. Connect to the server again with Remote Desktop or RemoteApp, and it should be using the new SSL certificate!
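
The same procedure with the checks worth making before and after the change, as an added example that is not part of the original post: it cleans up the pasted thumbprint, confirms the certificate is usable for RDP, applies it through the same WMI class, and reads the setting back. The function name Set-RdpListenerCertificate is a hypothetical helper, and the empty-EKU handling assumes a certificate without an Enhanced Key Usage extension is valid for all purposes.

```powershell
# Added example; Set-RdpListenerCertificate is a hypothetical helper name, not a built-in cmdlet.
function Set-RdpListenerCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Text copied from the MMC "Thumbprint" field carries spaces and can carry an
    # invisible leading character, so keep only the hex digits.
    $thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($thumb.Length -ne 40) { throw "Expected 40 hex characters, got $($thumb.Length)." }

    # The certificate must be in the Local Computer "Personal" store, with its private key.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) { throw "No certificate with thumbprint $thumb in Cert:\LocalMachine\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key on this machine." }

    # An expired or not-yet-valid certificate would only replace one client warning with another.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $thumb is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # If an Enhanced Key Usage list is present it must include Server Authentication.
    # Assumption: an empty list means the certificate is valid for all purposes.
    $eku = @($cert.EnhancedKeyUsageList)
    if ($eku.Count -gt 0 -and ($eku.ObjectId -notcontains '1.3.6.1.5.5.7.3.1')) {
        throw "Certificate $thumb is not valid for Server Authentication."
    }

    # Same WMI class, namespace and filter as the commands in the post.
    $query = @{
        Class     = 'Win32_TSGeneralSetting'
        Namespace = 'root\cimv2\terminalservices'
        Filter    = "TerminalName='RDP-tcp'"
    }
    $ts = Get-WmiObject @query
    $previous = $ts.SSLCertificateSHA1Hash
    $ts.SSLCertificateSHA1Hash = $thumb
    $ts.Put() | Out-Null

    # Read the setting back instead of trusting the Put() output.
    $current = (Get-WmiObject @query).SSLCertificateSHA1Hash
    if ($current -ne $thumb) { throw "Listener still reports thumbprint $current." }

    [pscustomobject]@{ Subject = $cert.Subject; NotAfter = $cert.NotAfter
                       PreviousThumbprint = $previous; CurrentThumbprint = $current }
}

# Replace YOUR HASH HERE with the thumbprint copied in step 1 (spaces are tolerated).
Set-RdpListenerCertificate -Thumbprint 'YOUR HASH HERE'
```

Keep the PreviousThumbprint value from the output so the earlier certificate can be restored if clients have trouble connecting.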
