Self signed cert in the Remote Desktop cert store

Question
-
There is a self signed cert in the Remote Desktop folder in the local cert store. The cert uses a signature hash algorithm of sha1 and a 1024 bit key. I would like to change the settings to force it to use a stronger hash and key. Does anyone know how I can change the settings so that when a self signed cert is created it will use the settings I want?
Wednesday, September 28, 2016 2:35 PM
Answers
-
Hi,
you can't "upgrade" an existing cert (apart from SHA1, since your key is too short you definitely need to re-sign with a longer key). So you must re-create the self-signed cert with the same CN.
My tool of choice for this is SelfSSL7 (http://blog.michaelhidalgo.info/2013/04/generating-self-signed-certificates_17.html) but there are other ways, e.g. using OpenSSL (http://www.akadia.com/services/ssh_test_certificate.html)
Evgenij Smirnov
msg services ag, Berlin -> http://www.msg-services.de
my personal blog (mostly German) -> http://it-pro-berlin.de
Windows Server User Group, Berlin -> http://www.winsvr-berlin.de
Mark Minasi Technical Forum, reloaded -> http://newforum.minasi.com
In theory, there is no difference between theory and practice. In practice, there is.
- Proposed as answer by Jesper Arnecke Thursday, September 29, 2016 9:52 AM
- Marked as answer by Jay Gu Wednesday, October 12, 2016 10:26 AM
Wednesday, September 28, 2016 6:35 PM
All replies
-
Thanks for the reply, but I tried generating a new self-signed cert and getting rid of the old one, but after a reboot the old cert with the weak hash re-appears. Any thoughts on where Windows keeps the settings for the Remote Desktop cert?
Attached is a screenshot of the cert I am referring to:
Thursday, September 29, 2016 1:44 PM -
Here you go: http://www.vkernel.ro/blog/replace-the-default-self-signed-certificate-on-a-rd-session-host-server
Evgenij Smirnov
msg services ag, Berlin -> http://www.msg-services.de
my personal blog (mostly German) -> http://it-pro-berlin.de
Windows Server User Group, Berlin -> http://www.winsvr-berlin.de
Mark Minasi Technical Forum, reloaded -> http://newforum.minasi.com
In theory, there is no difference between theory and practice. In practice, there is.
Thursday, September 29, 2016 1:52 PM -
I received a new cert (SHA256 Hash and 2048 key) issued from a CA server. I then added it to the Remote Desktop store and deleted the weak cert. I rebooted the server and found that the weak cert re-appeared in the store. Not sure how it is being re-created or how to get rid of it.
Monday, October 3, 2016 12:58 PM
-
Hi Sign,
Did you manage to generate a certificate using selfssl7.exe with a hash algorithm of SHA256?
Monday, August 14, 2017 8:44 AM -
Hi Evgenij Smirnov,
I would like to create self-signed certificates with a stronger algorithm like SHA256 using the SelfSSL tool (by default selfssl7 uses SHA1). I would like to give the stronger algorithm as an input when generating the self-signed certificates.
Any suggestions? Thanks.
Monday, August 14, 2017 8:50 AM
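
Added example, not part of the thread and not any poster's code: a PowerShell audit for the situation described above (a SHA1/1024-bit cert in the Remote Desktop store that comes back after deletion). It lists weak certs in that store, shows which thumbprint the RDP listener is bound to, and binds a replacement. Assumptions: elevated Windows PowerShell with .NET 4.6 or later, the default listener name `RDP-Tcp`, a replacement cert with its private key in the computer's Personal store, and a placeholder thumbprint.

```powershell
# Added example. Function names are hypothetical; run elevated on the RD host.
function Get-RdpStoreCertificate {
    param([int]$MinKeyBits = 2048)
    Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' | ForEach-Object {
        # GetRSAPublicKey returns $null for non-RSA certs, so guard the KeySize read
        $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($_)
        $bits = if ($rsa) { $rsa.KeySize } else { $null }
        $alg  = $_.SignatureAlgorithm.FriendlyName      # e.g. sha1RSA, sha256RSA
        [pscustomobject]@{
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            SelfSigned = ($_.Subject -eq $_.Issuer)
            Signature  = $alg
            KeyBits    = $bits
            Weak       = ($alg -match 'sha1|md5') -or ($rsa -and $bits -lt $MinKeyBits)
        }
    }
}

function Get-RdpListenerThumbprint {
    param([string]$TerminalName = 'RDP-Tcp')
    # Win32_TSGeneralSetting holds the thumbprint the listener actually presents
    $ts = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
            -ClassName Win32_TSGeneralSetting -Filter "TerminalName='$TerminalName'"
    $ts.SSLCertificateSHA1Hash
}

function Set-RdpListenerCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint,
          [string]$TerminalName = 'RDP-Tcp')
    # Refuse to bind a cert that is missing or has no private key
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }
    Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='$TerminalName'" |
        Set-CimInstance -Property @{ SSLCertificateSHA1Hash = $Thumbprint }
}

# Report: which certs are weak, and is the listener still using one of them?
$bound = Get-RdpListenerThumbprint
Get-RdpStoreCertificate |
    Select-Object *, @{ n = 'BoundToListener'; e = { $_.Thumbprint -eq $bound } } |
    Format-Table -AutoSize

# Bind the replacement (placeholder value, substitute your own thumbprint):
# Set-RdpListenerCertificate -Thumbprint '<THUMBPRINT-OF-NEW-CERT>'
```

If `BoundToListener` is true for the weak cert, the listener is still configured to use it, and deleting it from the store alone does not change that binding.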