RDP signing tips

SchiSchi 1 Reputation point
2022-09-02T13:53:02.377+00:00

Hello,

I would just like to know something about the standard way to sign an RDP file with rdpsign:

Which cert should/could I use? In my case we have our own internal CA, which is distributed to all of our servers and clients.
Can/Should I use one cert to sign all of my RDP files? Aka "The RDP file cert"
Should I use a new cert for every new RDP file?

Those are some needed facts I haven't found on the internet. Hope you can help me.

Kind regards
SchiSchi


4 answers

  1. JimmySalian-2011 42,491 Reputation points
    2022-09-02T14:01:33.24+00:00

    Hi,

    Yes, it is possible to configure a single or SAN-based certificate for the RDP servers; please follow the process and requirements here: dn781533(v=ws.11).

    In short the certificates you deploy need to have a subject name or subject alternate name that matches the name of the server that the user is connecting to. For example, for Publishing, the certificate needs to contain the names of all the RDSH servers in the collection. The certificate for RDWeb needs to contain the FQDN or the URL, based on the name the users connect to.

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  2. SchiSchi 1 Reputation point
    2022-09-02T14:23:10.64+00:00

    Maybe I'm getting this complete topic wrong... but the destination server for which I want to sign the RDP file is not controlled by me.
    I just want to get rid of the "Unknown publisher" warning when connecting to the server.


  3. JimmySalian-2011 42,491 Reputation points
    2022-09-02T14:27:08.563+00:00

    Oh okay, as earlier the question was how to use the cert. Anyway, the link here discusses the same issue with rdpsign and the fix: rdp-unknown-publisher-warning

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


  4. Limitless Technology 39,921 Reputation points
    2022-09-09T08:19:45.553+00:00

    Hello there,

    To get rid of the "Unknown publisher" warning when connecting to the server you must understand that unless there are security requirements that they must meet, most organizations don’t deploy certificates for systems where they are simply enabling RDP to allow remote connections for administration, or to a client OS like Windows 10.

    Kerberos plays a huge role in server authentication so feel free to take advantage of it. You can read more about this from the below article

    Remote Desktop Connection (RDP) - Certificate Warnings https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/remote-desktop-connection-rdp-certificate-warnings/ba-p/259301

    Using certificates in Remote Desktop Services https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn781533(v=ws.11)

    ---------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept it as an answer–

