SSL Certificates for Remote Desktop Services

Recently, all public certificate providers have been stopping the issuance of certificates with ‘.LOCAL’ in them.

See: Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services (Ask the Performance Team Blog), which also includes good info on wildcard / SAN certificate options.

Install Certificate on Session Host

Source: RDS 2012 session host certificate assignment

Applies to: Server 2012 and 2012 R2 (confirmed on R2)

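# Password protecting the PFX file (placeholder; don't keep the real value in a saved script)
$pass = ConvertTo-SecureString "PasswordToThePFXFile" -AsPlainText -Force
# Import the PFX into the local machine's Personal store and keep its thumbprint
$thumbprint = (Import-PfxCertificate -Password $pass -CertStoreLocation cert:\localMachine\my -FilePath 'C:\CalibreOne\cert\export.pfx').Thumbprint
# Locate the RDP-tcp listener's settings object in WMI
$path = (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
# Bind the imported certificate to the listener by its SHA-1 thumbprint
Set-WmiInstance -Path $path -Arguments @{SSLCertificateSHA1Hash="$thumbprint"}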
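
To confirm the assignment above took effect and that the certificate is usable, the following added example (not from the source post) reads the listener's thumbprint back and checks the matching certificate in LocalMachine\My for a private key, expiry, the Server Authentication EKU and any '.local' names. The function name Test-RdpListenerCertificate and the -WarnDays parameter are assumptions made for this example.

```powershell
# Added example: audit the certificate bound to the RDP-tcp listener.
# Function name and -WarnDays are assumptions made for this example.
function Test-RdpListenerCertificate {
    param([int]$WarnDays = 30)

    # Read back the thumbprint the listener is configured with.
    $ts = Get-WmiObject -Class 'Win32_TSGeneralSetting' `
        -Namespace 'root\cimv2\terminalservices' -Filter "TerminalName='RDP-tcp'"
    $thumb = $ts.SSLCertificateSHA1Hash

    # Find that certificate in the store the PFX was imported into.
    $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) {
        return [pscustomobject]@{ Thumbprint = $thumb; Subject = $null
            Problems = @('Bound thumbprint not found in LocalMachine\My') }
    }

    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'No private key in store' }
    if ($cert.NotAfter -lt (Get-Date)) {
        $problems += "Expired on $($cert.NotAfter)"
    } elseif ($cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
        $problems += "Expires within $WarnDays days ($($cert.NotAfter))"
    }

    # If an EKU extension is present it must include Server Authentication.
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.1')) {
        $problems += 'Missing Server Authentication EKU'
    }

    # The page notes public CAs are stopping '.LOCAL' issuance, so flag such names.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names = $cert.Subject
    if ($san) { $names += ', ' + $san.Format($false) }
    if ($names -match '\.local\b') { $problems += "Contains a .local name: $names" }

    [pscustomobject]@{ Thumbprint = $thumb; Subject = $cert.Subject; Problems = $problems }
}

Test-RdpListenerCertificate | Format-List
```

An empty Problems list means the listener is bound to a certificate from the machine store that passed all four checks.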

Installing certificate on the Gateway

Assuming you have a real (e.g. GoDaddy) certificate in PFX format (if it's already in MMC, right-click it and export it, along with the private key), there are several places where it needs to be imported into the RD Gateway:

  1. In RD Gateway Manager, right-click the server, select Properties, then the SSL Certificate tab
  2. In the Deployment properties, select each role service, “Select existing certificate”, “Choose a different certificate”, browse to the PFX and enter the password. Do the same for each role service. Use the same certificate for all (suggest a wildcard eg *
