Remote Desktop Certificate 2008 R2

-
Hi
Can someone tell me which KB update enables SHA256 on Server 2008 R2 for the RDP certificate, or if a registry entry needs to be changed? I found a few articles online and tested installs of various KBs mentioned, but nothing seems to change the default from SHA1.
Alternatively, can someone point me to a good guide on how to use an internal CA to generate a replacement certificate which can be placed on workgroup-only servers in our DMZ and replace the self-signed one?
Thanks
All replies
-
Hi,
SHA1 Key Migration to SHA256 for a two tier PKI hierarchy:
https://blogs.technet.microsoft.com/askds/2015/10/26/sha1-key-migration-to-sha256-for-a-two-tier-pki-hierarchy/
Operating a Windows PKI: Renewing CA Certificates:
https://blogs.technet.microsoft.com/xdot509/2013/06/06/operating-a-windows-pki-renewing-ca-certificates/
The above are suggestions, just for your reference. If you have more questions about certificates, I would recommend posting on the TechNet – Windows Server – Security forum; the relevant product experts may provide more suggestions:
https://social.technet.microsoft.com/Forums/en-us/home?forum=winserversecurity&filter=alltypes&sort=lastpostdesc
Thank you for your understanding.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Proposed as answer by J.Couwenberg, Wednesday, July 4, 2018 7:15 AM
-
Hi,
How are things going on this issue?
Please let me know if you would like further assistance.
Best Regards,
Eve Wang
-
Hi,
Is there any update?
Please click “Mark as answer” if any of the above replies is helpful. It would move the reply to the top and make it easier to find for other people who have a similar problem.
Best Regards,
Eve Wang
-
Sorry for the delay, but this does not answer the initial question.
We update our servers regularly with critical and security updates, and the updates specified in various posts are applied to our servers, yet if you delete the self-signed certificate for RDP and restart, a new one is generated, but only as SHA1, not SHA256.
I need to know which specific update changes 2008 R2 from using SHA1 to SHA256.