Windows 10: Port forwarding Remote Desktop RDP and installing SSL Certificate?

Is it possible to install an SSL Certificate just for RDP? I have a Windows 11 system I want to safely access over the internet but I cannot find any information on this topic. Is it not possible? All I see is info on how to do it for RDS Remote Desktop Services but I am just trying to do it for a personal system. I have a domain and an SSL Certificate for said domain. I am able to use RDP using my domain, but I just want it to be secure with SSL.

:)

 

how to use own SSL certificate for RDP server?

I have my certificate in both stores - Personal and Remote Desktop. And yes, i have my CA in Trusted Root Certification Authorities too. Even "golden" key is shown in certificate icon.

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="f4...95" wmic is succesful only when i have key SSLCertificateSHA1Hash=hex:f4...95 already in registry. Before that i got only "Invalid Parameter" error. I cannot restart TermService during RDP connection, but i guest reboot is equivalent.

Even with parameter -Force i cannot restart the service, it failed and only other option was reboot machine. Even local login was not possible.

There still must be some detail which i am missing.

 

how to use own SSL certificate for RDP server?

It took me some time to try it, but i still didn't succeeded. I did follow succesfully link to the Microsoft web but it not enough.

But my virtual machine still provides only its own selfsigned certificate. I am using mostly xfreerdp on Linux, but thumbprint is same with Microsoft Remote Desktop too.

Last thing i did tried was import certificate in P12 form (PKCS #12), which is basically combination of signed certificate and CA certificate in one package protected by password (it have same icon with small key) and i tried delete self signed certificate and then reboot. But even deleting didn't help. Windows instead of using only one available certificate just created new self signed certificate. So how i can do it? Does it have any solution? What if that certificate was issued by some of public CA, for example Let's Encrypt?

 

how to use own SSL certificate for RDP server?

I've been struggling with this because even though I followed MS docs exactly and set the registry key what happened is after reboot the registry key was deleted and RDP recreated a new self-signed cert. But there is another solution which worked as charm: Code:

replace THUMBPRINT portion with your cert thubmprint. I got this from here: security - Windows 10 Pro as RDP Host with SSL Certificate. How? - Server Fault It is important though that you put your certificate into Remote Desktop store and make sure to grant read permissions on private key located in Personal Store to NETWORK SERVICE. Once you grant permissions run the code above in Windows PowerShell then reboot system. If cert is self signed you also need to add certificate to trusted root on host system so that it doesn't ask you to trust it. What I would like learn now is a way to convert this code to be used with Get-CimInstance instead, it seems support for this is limited.