Because I just bought a cheap Windows VPS on Aliyun.com yesterday (obviously it's a student discount), I am expecting to see a "security warning: Unknown Publisher / server" before I connect to that server using RDP.
The security warnings, the warnings about the connection, etc. have long been a bee that always flies close to my ears. And now I finally have time to clear this up.
It’s actually as easy as 5 steps:
- Install the PFX file to the remote server (server level, in personal store)
- Get the certificate’s SHA256 hash
- Open CMD, download the configuration file
- Execute the file with correct arguments.
- Re-connect to that server
Configure RDP certificate:
Before you run this, your certificate needs to be added to the COMPUTER level of the certificate manager (Local Machine) instead of the user level.
You also need to extract the certificate's Thumbprint from the cert file, then run the command below in CMD in Admin mode:
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="<thumbprint>"
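The same binding done from PowerShell, as an added example that is not part of the original post: it reads the thumbprint straight from the Local Machine store instead of copying it by hand, checks the certificate is usable, sets it and reads it back. The subject `CN=rdp.example.com` is a constructed placeholder, and the listener name `RDP-Tcp` is assumed to be the default one.

```powershell
#Requires -RunAsAdministrator
# Added example. Constructed placeholder: set this to your certificate's subject.
$Subject = 'CN=rdp.example.com'
$ns      = 'root\cimv2\TerminalServices'
$filter  = "TerminalName='RDP-Tcp'"   # assumption: default RDP listener name

# Look only in the Local Machine personal store, where the page says the
# certificate has to be installed. Prefer the one that expires last.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with a private key for '$Subject' in Cert:\LocalMachine\My"
}
if ($cert.NotAfter -le (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)"
}

# If the certificate restricts its usage, Server Authentication must be allowed.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$ekus = @($cert.EnhancedKeyUsageList | Where-Object { $_ })
if ($ekus.Count -gt 0 -and $ekus.ObjectId -notcontains $serverAuthOid) {
    throw "Certificate $($cert.Thumbprint) does not allow Server Authentication"
}

# Same WMI class and property as the wmic command above.
$setting = Get-CimInstance -Namespace $ns -ClassName Win32_TSGeneralSetting -Filter $filter
if (-not $setting) { throw "Listener not found with filter: $filter" }
Set-CimInstance -InputObject $setting -Property @{ SSLCertificateSHA1Hash = $cert.Thumbprint }

# Read the value back so a silently rejected thumbprint is caught here
# and not at the next connection attempt.
$bound = (Get-CimInstance -Namespace $ns -ClassName Win32_TSGeneralSetting -Filter $filter).SSLCertificateSHA1Hash
if ($bound -ne $cert.Thumbprint) {
    throw "Listener still reports '$bound', expected '$($cert.Thumbprint)'"
}
"RDP-Tcp now presents $($cert.Subject) [$bound], valid until $($cert.NotAfter)"
```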
Also, when you save the RDP connection into a .rdp file, you will notice that there's an "Unknown Publisher" warning when it is opened.
You can get rid of that warning in 3 steps:
- Install the PFX file on the server from which you will distribute the connection file to your clients (user level, personal store)
- Get the certificate’s SHA256 hash
- Open CMD, run a command.
rdpsign /sha1 hash file1.rdp
Sources: