Create self-signed terminal services certificate and install it

Tags: certificate, rdp, windows-server-2012, windows-terminal-services

The server RDP certificate expires every 6 months and is automatically recreated, meaning I need to re-install the new certificate on the client machines to allow users to save the password.

Is there a straightforward way to create a self-signed certificate with a longer expiry?

I have 5 servers to configure.

Also, how do I install the certificate such that terminal services uses it?

Note: Servers are not on a domain and I'm pretty sure we're not using a gateway server.

Best Answer

You can create a self-signed certificate with many different tools. Makecert is one such tool:

http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx

The OID for 'Server Authentication' is 1.3.6.1.5.5.7.3.1, so the argument -eku 1.3.6.1.5.5.7.3.1 will be in there somewhere.

makecert -r -pe -n CN="MyServer" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -b 01/01/2000 -e 01/01/2036 

That should get you a self-signed certificate in your computer's personal store that expires in 2036.
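
The question also asks how to make terminal services use the certificate, which the answer does not cover. The following PowerShell is an added example, not part of the original answer: it checks the certificate produced by the makecert command above and binds it to the RDP listener through the `Win32_TSGeneralSetting` WMI class. It assumes the subject `CN=MyServer`, the default listener name `RDP-Tcp`, an elevated session on the server, and a hypothetical export path under `%TEMP%`.

```powershell
# Added example: locate the certificate makecert placed in LocalMachine\My,
# check that it is usable for RDP, then bind it to the RDP-Tcp listener.
# Assumptions: subject CN=MyServer (from the command above), default listener
# name RDP-Tcp, elevated PowerShell session on the server.
$subject   = 'CN=MyServer'
$serverEku = '1.3.6.1.5.5.7.3.1'   # Server Authentication

# Newest matching certificate in the computer's personal store.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject $subject in LocalMachine\My" }

# The listener needs the private key and the Server Authentication EKU.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key' }
$ekuExt = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($ekus -notcontains $serverEku) { throw "Missing EKU $serverEku" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }

# Point the listener at the certificate by thumbprint.
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
Set-WmiInstance -Path $listener.__PATH `
    -Arguments @{ SSLCertificateSHA1Hash = $cert.Thumbprint } | Out-Null

# Read the setting back to confirm the binding took effect.
$bound = (Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash
if ($bound -ne $cert.Thumbprint) { throw "Listener still bound to $bound" }

# Export only the public certificate (no private key) for the client machines.
# The file name is a placeholder chosen for this example.
Export-Certificate -Cert $cert -FilePath "$env:TEMP\MyServer-rdp.cer" | Out-Null
"Bound {0} (expires {1:yyyy-MM-dd})" -f $cert.Thumbprint, $cert.NotAfter
```

If connections fail after binding, check that the NETWORK SERVICE account has read access to the certificate's private key. The exported `.cer` file contains no private key, so it is the only file that needs to leave the server.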