Windows 10: How to sign a .rdp file, when the certificate in in azure key vault, and after sign how to...

I have tried rdpsign command to sign .rdp file, but for thumbprint we need certificate in machine but in my case certificates are in azure key vault.Is there a way to sign a .rdp file, when the certificate in in azure key vault.I have tried, below steps:Hash the .rdp file using powershell command: Get-FileHash ".\test.rdp" -Algorithm SHA256converted the has to ToBase64Stringused az keyvault key sign --vault-name --name --algorithm RS256 --value command to get signatureAdded signature in .rdpnote: above steps suggested by AI. When tested with rdpsign tool to sign .rdp same way si

:)

 

How to sign Powershell profile w/ self-signed certificate?

I currently have my execution-policy set to AllSigned. I don't want to change it or bypass that restriction.

When I created my profile script--or whatever it's called--I wanted to do so in order to set permanent aliases.

For whatever reason, Microsoft has made it an ever increasingly difficult endeavor just to create permanent aliases.

The problem now is that it won't run the script because it isn't digitally signed.

I attempted to make a self-signed certificate to sign the blasted thing but I never got anywhere.

I've looked at a few guides online but they all assume I'm in a server environment or something (which means the steps keep changing or involve unnecessary steps).

In the end, I wound up with a code-signing cert and the thing is in my current-user cert store.

I'm trying to get this to work on my Windows 10 Pro desktop but I haven't a clue as to what I'm actually supposed to be doing.

Is it even possible to get what I'm asking for? *Confused

P.S. - I have no experience with either Powershell or certificates. The only reason I know what I've mentioned so far is because I spent 2-3 minutes glossing over the help files. My knowledge of PKI has me understanding that you need a private key to sign something, but I can't even get the certificate to validate my own key so it's kind of getting me flustered at this point.

 

RDP Self Signed Certificate 3389 Remote Desktop Protocol

Tenable Nessus Scans showing self signed cert used for RDP on port 3389.

Done my due diligence -

1. Cert is located in certlm.msc > Remote Desktop

2. You can create a custom template and generate a cert to be used for RDP and put in that folder

3. Deleting the self signed - it just regenerates it when you reboot

4. Found some reg hacks to tell windows to use the generated cert

5. found some other permission hacks to stop self signed from being regenerated

through all that - some how RDP broke and I had to revert everything.

In short - this is classified as a medium vulnerability and it would be nice if MS would create a document or actual approved process to resolve this vulnerability.

Most articles I found were in relation to RDS which we don't use - this is just built in RDP to servers / workstations etc.

---

VULNERABILITIES

MEDIUM

PLUGIN ID57582

Description

The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.