Replace Remote Desktop certificate with a signed certificate

July 08, 2015

Replace Remote Desktop certificate with a signed certificate

Problem:

When we connect remote desktop in LAN, we will often face warning that the certificate is not issued by a trusted CA. If you have a domain, you can issue trusted certificate automatically to all domain computers.

Setup CA

Install CA role on any servers in the domain.
Push root CA into domain by Group Policy

Export the root CA
Put it into Group Policy

Therefore, all CA issued will be trusted by all domain computers automatically.

To create new certificate automatically.

Follow this instruction to

create a Certificate Template “RemoteDesktopComputer”

For step 8, remove “Client Authentication” and leave “Server Authentication”. Step 9-13 can be skipped.

Use Group Policy to push the Certificate template to domain computers.

You may need to use gpupdate /force to force computer to have immediate update of the policy. You may also need to disable/enable the remote desktop in order for the computer make request to CA to have a new cert.
You can go back to certsrv at CA to verify that certificate has been issued automatically.

Search This Blog

At the frontier of technology and business

Replace Remote Desktop certificate with a signed certificate

Comments

Popular Posts

Siebel - Extract Siebel File Attachment with SSEUNZIP or SSEMUZIP

Enable ssh and telnet on Xiaomi MiWifi R1CM without registering with Xiaomi