Working on a Server 2012 Standard R2 today that had an initial SSL self signed certificate. I needed to replace that certificate, so IIS and Remote Desktop would stop warning users about the security issue. In Server 2008, you could select which certificate you wanted Remote Desktop connections to use. In Server 2012 that GUI has been removed. It took me a little while to get everything down for Server 2012, but these are the steps I took. Hope this helps out someone else later on!
- Get the Thumbprint of the SSL certificate you want Remote Desktop to use
- Windows + R
- Type in mmc and hit enter
- Control + M (or File -> Add/Remove Snap In)
- Click on “Certificates” in the “Available snap-ins:” section
- Click the “Add >” button
- Select “Computer account”
- Click Next
- Select “Local Computer:”
- Click the “Finish” button
- Click “OK” button
- Open the “Certificates (Local Computer)” then, “Personal” and then “Certificates” sub folder.
- Double click the certificate you want Remote Desktop to use
- Click the “Details” tab
- Select “All” under “Show:” and scroll down to the “Thumbprint” field and select the “Thumprint” field.
- Copy the text of the hash.
- Remove all spaces from your copied hash
- Open “Power Shell” as an Administrator
- Run these power-shell commands (replace YOUR HASH HERE with your thumbprint you copied from step 1 above). You can run each line one after the other.
- $TSGeneralSetting = Get-WmiObject -class “Win32_TSGeneralSetting” -Namespace root\cimv2\terminalservices -Filter “TerminalName=’RDP-tcp'”
- $Hash = “YOUR HASH HERE”
- $TSGeneralSetting.SSLCertificateSHA1Hash = $Hash
- $TSGeneralSetting.put()
PowerShell should prompt you that everything went over successfully. Connect to the server again with Remote Desktop or RemoteApp, and it should be using the new SSL configuration!
Garrett S. Y. Hampton 