1

I am trying to find a command-line tool or script that I can use to select which certificate my Windows 2008 R2 Remote Desktop Session Host (Terminal Server) will use. I have the certificate installation automated, but my Google-fu is failing and I am not finding a method to select the certificate for use.

The setting I am trying to change via CLI/script would be performed through the GUI by doing the following:

  • Open Remote Desktop Session Host Configuration
  • Double Click on RDP-Tcp for the properties
  • From the general tab click on the 'Select' button. A dialog box automatically shows up showing the certificate that I had already installed, click 'OK'.
  • Click 'OK'.

So please point me to any scripts, command line tools, registry hacks, or group policies that I could use to automate this certificate select step.

Zoredache
  • If it makes you feel any better about your Google-fu, I have never been able to find a way to do this programmatically either. – squillman Mar 01 '11 at 23:24

2 Answers

1

PowerShell might do it for you...

I'm not sure how to script this.

On the RDS box, in Administrative Tools, Run As Administrator - Windows PowerShell Modules.

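CD RDS:
CD .\RDSConfiguration\Connections\RDP-Tcp\SecuritySettings
# Replace the placeholder with the thumbprint of the installed certificate
Set-Item .\SSLCertificateSHA1Hash -Value "<certificate thumbprint>"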

You will need to have the thumbprint of the certificate, I believe.

Clint
0

I would import the RDS module before trying 'cd RDS'.

Here's a script to install a newly issued (±150 min) certificate:

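Import-Module RemoteDesktopServices

# Pick the most recently issued certificate from the last 150 minutes.
# Selecting a single object keeps $Cert.Thumbprint valid if several match.
$Date = (Get-Date).AddMinutes(-150)
$Cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.NotBefore -gt $Date } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

if ($Cert) {
    Write-Host "Installing new certificate.."
    # Bind the certificate to the RDP-Tcp listener by thumbprint
    cd RDS:\RDSConfiguration\Connections\RDP-Tcp\SecuritySettings
    Set-Item .\SSLCertificateSHA1Hash -Value $Cert.Thumbprint
}
else {
    Write-Host "No recent certificates found."
}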
i3laze
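
A stricter variant of the approach in the answers above, added here as an example and not code from either answer: it binds a certificate only if it is currently valid, has a private key, matches the host name and permits Server Authentication, then reads the setting back. The `Test-RdpCertificate` helper, the `$HostName` value and the CN-only subject match are assumptions of this example, as is reading the item's `CurrentValue` property from the RDS: provider.

```powershell
# Added example; written for PowerShell 2.0 (Windows Server 2008 R2).
Import-Module RemoteDesktopServices

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'    # Server Authentication EKU
$HostName      = $env:COMPUTERNAME       # assumption: use the name clients connect to

# Hypothetical helper: is this certificate fit to be bound to the RDP listener?
function Test-RdpCertificate($Cert, $Name) {
    $now = Get-Date
    if (-not $Cert.HasPrivateKey) { return $false }
    if ($Cert.NotBefore -gt $now -or $Cert.NotAfter -le $now) { return $false }
    # Assumption: the host name is in the subject CN (SAN entries are not checked).
    if ($Cert.Subject -notmatch ('CN=' + [regex]::Escape($Name) + '(,|$)')) { return $false }
    # If an EKU extension is present it must include Server Authentication.
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $oids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            return ($oids -contains $ServerAuthOid)
        }
    }
    return $true    # no EKU extension: certificate is not usage-restricted
}

# Of the usable certificates, prefer the one that expires last.
$candidate = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { Test-RdpCertificate $_ $HostName } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $candidate) { throw "No usable certificate for $HostName in LocalMachine\My." }

$item = 'RDS:\RDSConfiguration\Connections\RDP-Tcp\SecuritySettings\SSLCertificateSHA1Hash'
Set-Item -Path $item -Value $candidate.Thumbprint

# Read the setting back so a silent failure does not leave the old binding in place.
$current = (Get-Item -Path $item).CurrentValue
if ($current -ne $candidate.Thumbprint) { throw "RDP-Tcp is still bound to $current" }
Write-Host "RDP-Tcp now uses $($candidate.Thumbprint), valid until $($candidate.NotAfter)"
```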