Setup Remote Desktop Connection Files / Certificate

Because I just bought a cheap Windows VPS on Aliyun.com yesterday (obviously it’s a student discount), I am expecting to see a “security warning: Unknown Publisher / server” before I connect to that server using RDP.

These security warnings about the connection have been like a bee flying close to my ears for a long time, and now I finally have time to clear this up.

It’s actually as easy as 5 steps:

  1. Install the PFX file to the remote server (server level, in personal store)
  2. Get the certificate’s SHA256 hash
  3. Open CMD, download the configuration file
  4. Execute the file with correct arguments.
  5. Re-connect to that server

Configure RDP certificate:
Before you run this, your certificate needs to be added at the COMPUTER level of the certificate manager (local machine) instead of the user level.
You also need to extract the certificate’s thumbprint from the cert file. Then run the command below in an administrator CMD window:

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="<thumbprint>"

Also, when you save the RDP connection into a .rdp file, you will notice that there’s an “Unknown Publisher” warning.

You can remove that warning in 3 steps:

  1. Install the PFX file to the server (from which you would distribute the connection file to your clients) (in user level, personal store)
  2. Get the certificate’s SHA256 hash
  3. Open CMD, run a command.
rdpsign /sha1 hash file1.rdp
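
Both procedures above, as an added PowerShell example (not code from the original post): it reads the thumbprint from the certificate store, the SHA-1 value that both `SSLCertificateSHA1Hash` and `rdpsign /sha1` take, checks that the certificate is usable, and confirms each change. The subject match string, the default listener name `RDP-Tcp` and the `-SkipListener` switch are assumptions for illustration.

```powershell
# Added example. $SubjectMatch and $RdpFile are placeholders; adjust to your certificate and file.
param(
    [string]$SubjectMatch = 'rdp.example.test',   # placeholder: text contained in the cert subject
    [string]$RdpFile      = '.\file1.rdp',
    [switch]$SkipListener                         # hypothetical switch: only sign the .rdp file
)

function Get-UsableCert([string]$Store, [string]$Match) {
    # Pick the newest unexpired certificate that matches and has its private key installed.
    $cert = Get-ChildItem -Path $Store |
        Where-Object { $_.Subject -like "*$Match*" -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) { throw "No unexpired certificate with a private key matching '$Match' in $Store" }
    return $cert
}

if (-not $SkipListener) {
    # Part 1 (run elevated on the RDP server): bind the machine-level certificate to the listener.
    $serverCert = Get-UsableCert 'Cert:\LocalMachine\My' $SubjectMatch
    $query = @{
        Namespace = 'root\cimv2\TerminalServices'
        ClassName = 'Win32_TSGeneralSetting'
        Filter    = "TerminalName='RDP-Tcp'"      # assumption: default listener name
    }
    $listener = Get-CimInstance @query
    Set-CimInstance -InputObject $listener -Property @{ SSLCertificateSHA1Hash = $serverCert.Thumbprint }

    # Read the setting back so a silent failure does not go unnoticed.
    $bound = (Get-CimInstance @query).SSLCertificateSHA1Hash
    if ($bound -ne $serverCert.Thumbprint) {
        throw "Listener still reports thumbprint '$bound'"
    }
    Write-Output "RDP listener bound to $($serverCert.Thumbprint), valid until $($serverCert.NotAfter)"
}

# Part 2 (run as the user whose personal store holds the PFX): sign the connection file.
$signCert = Get-UsableCert 'Cert:\CurrentUser\My' $SubjectMatch
& rdpsign.exe /sha1 $signCert.Thumbprint $RdpFile
if ($LASTEXITCODE -ne 0) { throw "rdpsign failed with exit code $LASTEXITCODE" }

# A signed .rdp file carries a 'signature:s:' line; editing the file afterwards invalidates it.
if (-not (Select-String -Path $RdpFile -Pattern '^signature:s:' -Quiet)) {
    throw "No signature line found in $RdpFile"
}
Write-Output "Signed $RdpFile with $($signCert.Thumbprint)"
```

The certificate has to chain to a root the connecting clients already trust, otherwise the warnings stay even with the binding and the signature in place.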

Sources:

TechNet RDP Certificate Warnings

Microsoft Docs (RDP Signing)
