PowerShell Script to Use SSL Certificate in Windows Remote Desktop (RDP)

Changelog:

Date Change
2025-02-08 Fixed X509Certificate import to align with .NET updates. 
# GUI steps: https://superuser.com/a/1093160
$ErrorActionPreference = "Stop"

$fileURI = "https://example.com/certificate.pfx"
# $pfxPath = "C:\path\to\your\domain.pfx"
$pfxPassword = ""


## Download the pfx file

# Get a temporary file path
$pfxPath = [System.IO.Path]::GetTempFileName()

# Download the file to the temp file
Invoke-WebRequest -Uri $fileURI -OutFile $pfxPath

Write-Host "File downloaded to temporary file: $pfxPath"


## Import pfx file

# Import the PFX file into the Personal (My) certificate store for the Local Machine
# $certStore = "Cert:\LocalMachine\My"
# $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet `
    -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet
# $pfx.Import($pfxPath, $pfxPassword, $flags) # Failed in the newer version of .NET
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPassword, $flags)

# Get the thumbprint of the newly imported certificate, which would be used later
$thumbprint = $pfx.Thumbprint

# Delete the temporary file after use
Remove-Item -Path $pfxPath -Force

# Add the certificate to the store
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($pfx)
$store.Close()

Write-Host "Certificate imported successfully into Local Machine\Personal store."


## Set permissions on the private key

# Find the most recent file in the private key folder (C:\ProgramData\Microsoft\Crypto\Keys)
$keyFolder = "C:\ProgramData\Microsoft\Crypto\Keys"
$latestKeyFile = Get-ChildItem -Path $keyFolder | Sort-Object LastWriteTime -Descending | Select-Object -First 1
$keyPath = $latestKeyFile.FullName

Write-Host "Latest private key file: $keyPath"

# Set the permissions on the private key
$acl = Get-Acl $keyPath
$user = "NETWORK SERVICE"
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($user, "Read", "Allow")
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

Write-Host "Permissions set for user $user on private key."


## Modify the registry to use the certificate

# Convert the SHA1 thumbprint (hex string) to an array
$sha1Bytes = for ($i = 0; $i -lt $thumbprint.Length; $i += 2) {
	[Convert]::ToByte($thumbprint.Substring($i, 2), 16)
}

# Define the registry path and value name
$regPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
$valueName = "SSLCertificateSHA1Hash"

# Write the binary value to the registry (cast explicitly as Byte[])
Set-ItemProperty -Path $regPath -Name $valueName -Value ([Byte[]]$sha1Bytes)

Write-Host "SHA1 thumbprint successfully written to the registry as a binary value."


# Define the RDP service name
$serviceName = "TermService"

# Restart the RDP service
# Restart-Service -Name $serviceName -Force

Write-Host "RDP service restarted successfully."

Comments

Post a Comment

Popular posts from this blog

Slang Terms About Money

Term Meaning Example Buck $1 “It costs 20 bucks.” K $1,000 “He makes 100K a year.” Dime $10 (or a tenth of a dollar) “I spent a dime on snacks.” Bill $100 “That’s a couple of bills.” C-note $100 “He handed me a C-note.” Benjamin $100 “I got paid in Benjamins.” Stack/Rack $1,000 “He dropped 5 racks on a new car.” G $1,000 “The job pays 50G a year.” Grand $1,000 “The car costs 20 grand.” Green Money in general “He’s got a lot of green.” Cheddar/Dough/Bread Money in general “Making bread is important.” Smackers/Clams/Bones Dollars (old-fashioned) “It cost me 50 smackers.”
Read more

Workaround for macOS Dictionary All Tab Issue

After installing custom dictionaries on macOS, you may encounter an issue where the All tab in the built-in Dictionary app does not display correctly. The main problem is that the CFBundleIdentifier key in the Info.plist file of the custom dictionaries is either missing or not unique. Here’s a step-by-step workaround I found to resolve the issue: Steps to Fix the Issue: Locate the ~/Library/Dictionaries directory. To do this, open Finder, press Cmd + Shift + G , and enter ~/Library/Dictionaries (the Library folder is hidden by default). Inside the Dictionaries folder, you will find a list of .dictionary files, which represent the custom dictionaries you have installed. To fix the issue, check the Info.plist file of each dictionary. Navigate to the .dictionary folder, then go to the Contents subfolder, where you will find the Info.plist file. Open the Info.plist file using a text editor or a plist editor. Look for the CFBundleIdentifier key in the ...
Read more

Mathematical Objects

A cheat sheet for mathematical objects and structures, useful for quick reference. Foundations of Sets and Relations Set A collection of distinct objects, often written as X = { x ∣ P ( x ) } X = \{x \mid P(x)\} X = { x ∣ P ( x )} , where P ( x ) P(x) P ( x ) is a property. No additional structure. Map / Function A mapping f : X → Y f: X \to Y f : X → Y assigns each x ∈ X x \in X x ∈ X to a unique y ∈ Y y \in Y y ∈ Y . Relation A subset R ⊆ X × X R \subseteq X \times X R ⊆ X × X , such as equivalence relations or partial orders. Basic Algebraic Structures Semigroup A set S S S with a binary operation ⋅ : S × S → S \cdot: S \times S \to S ⋅ : S × S → S such that: Associativity: For all a , b , c ∈ S a, b, c \in S a , b , c ∈ S , ( a ⋅ b ) ⋅ c = a ⋅ ( b ⋅ c ) (a \cdot b) \cdot c = a \cdot (b \cdot c) ( a ⋅ b ) ⋅ c = a ⋅ ( b ⋅ c ) . Monoid A semigroup with an identity element e ∈ M e \in M e ∈ M , satisfying: Identity: a ⋅ e = e ⋅ a = a ...
Read more

Essential Utilities for LaTeX Package and Class Development

Developing LaTeX packages or classes is not a common task for most users, who typically rely on pre-existing packages. According to the CTAN: Comprehensive TeX Archive Network , there are only 3,040 TeX developers worldwide (as of February 2025). As a result, online resources for LaTeX package and class development are relatively scarce. From my perspective, there isn’t currently a comprehensive guide to the utility commands essential for package development. So, I’ve compiled this blog post, gathering a set of useful commands and packages I’ve discovered or developed through experience. I hope it proves helpful for anyone who is developing—or planning to develop—LaTeX packages or classes. This post also serves as a personal reference for me to revisit the next time I work on a package. This post will be a dynamic document, and I’ll update it as I discover new commands. If you have any useful commands that I haven’t mentioned, please feel free to share them in the ...
Read more

Train PyTorch with Checkpoints

Training a PyTorch model with checkpoints is an important technique to ensure that the model is saved periodically during the training process. This helps to avoid losing all of the progress made during the training if there is a power failure, hardware failure or any other unexpected problem. To train a PyTorch model with checkpoints, you can follow these steps: Import the necessary libraries and packages. import torch import torch . nn as nn import torch . optim as optim from torch . utils . data import DataLoader Define your model architecture. class MyModel ( nn . Module ) : def __init__ ( self ) : super ( MyModel , self ) . __init__ ( ) self . fc1 = nn . Linear ( 784 , 128 ) self . fc2 = nn . Linear ( 128 , 64 ) self . fc3 = nn . Linear ( 64 , 10 ) def forward ( self , x ) : x = x . view ( x . size ( 0 ) , - 1 ) x = self . fc1 ( x ) x = nn . functional . relu ...
Read more