Internal PKI - RDP Certs

Anonymous
2023-08-21T23:36:26+00:00

This is my first time building an enterprise PKI. I am working on setting up group policy for RDP Certs. I followed this video https://www.youtube.com/watch?v=-TECgemk_88.
So when I do a GPO update it seems to generate two RDP certs a minute apart. Is this normal? Cert validity is 1 day and renew is 2 hours.
I know it processes the group policy each time a user logs in. But I don't want to have a million certs floating around. Also, what is the process for a cert to auto renew? If an RDP cert is expired and a user tries to log in, how does the cert get renewed?


This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2023-08-22T08:04:03+00:00

    Hello Mike,

    In terms of auto-renew, according to this article, author Tim commented: “In regard to the renewal during reboot scenario, this would happen if you have a cert lifetime that's extremely short (more likely your case) or have a renewal period that spans the GPO refresh cycle. Double check the template settings and certificate lifetimes.”

    Generally, during the auto-renewal process, a new certificate is issued to replace the expiring one. This doesn't result in duplicate certificates; it's a seamless replacement. The new certificate inherits the same public and private key pair as the old one. This is important to maintain consistency and security.

    Also, according to the group policy ‘Server authentication certificate template’ description, if more than one certificate is found, it will utilize the one that expires latest.

    Thank you,

    Karlie Weng

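The question asks why two RDP certificates appear after a GPO refresh, and the answer says the policy picks whichever certificate expires latest. The following PowerShell script is an added example, not code from the original thread or from Microsoft; it inventories the certificates the Session Host could use, reads which template name the ‘Server authentication certificate template’ policy wrote to the registry, shows the thumbprint the RDP-Tcp listener is actually bound to, and flags any template that has more than one live certificate. It assumes a Windows host with the `root\cimv2\TerminalServices` WMI namespace and the LocalMachine `My` and `Remote Desktop` stores, run from an elevated PowerShell session.

```powershell
# Added example (not from the original thread): inventory RDP-related
# certificates on a Remote Desktop Session Host and show which one the
# listener actually uses. Assumes Windows with the TerminalServices WMI
# namespace; run in an elevated PowerShell session.

# 1. Which certificate is the RDP-Tcp listener bound to right now?
$tsSetting = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$boundThumb = $tsSetting.SSLCertificateSHA1Hash
"Listener RDP-Tcp is bound to thumbprint: $boundThumb"

# 2. Template name written by the 'Server authentication certificate template'
#    policy (Computer Configuration > ... > Remote Desktop Session Host > Security).
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$templateName = (Get-ItemProperty -Path $polKey -Name CertTemplateName `
    -ErrorAction SilentlyContinue).CertTemplateName
"GPO template name: $(if ($templateName) { $templateName } else { '<not set>' })"

# 3. Candidate certificates: the machine store and the self-signed RDP store.
$certs = @(Get-ChildItem -Path 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' `
    -ErrorAction SilentlyContinue)

# Helper: read the Certificate Template Information extension (1.3.6.1.4.1.311.21.7)
# or the legacy Certificate Template Name extension (1.3.6.1.4.1.311.20.2).
function Get-CertTemplate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions |
        Where-Object { $_.Oid.Value -in '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2' } |
        Select-Object -First 1
    if ($ext) { return $ext.Format($false) }
    return '<none>'
}

$rows = $certs | ForEach-Object {
    [pscustomobject]@{
        Store      = $_.PSParentPath -replace '.*::', ''
        Subject    = $_.Subject
        Template   = Get-CertTemplate $_
        NotBefore  = $_.NotBefore
        NotAfter   = $_.NotAfter
        Thumbprint = $_.Thumbprint
        BoundToRdp = ($_.Thumbprint -eq $boundThumb)
        HasPrivKey = $_.HasPrivateKey
    }
}

# 4. Group by template; the policy selects the certificate that expires latest,
#    so report that one and flag templates with more than one certificate.
$rows | Group-Object Template | ForEach-Object {
    $newest = $_.Group | Sort-Object NotAfter -Descending | Select-Object -First 1
    "Template '$($_.Name)': $($_.Count) certificate(s); latest expiry $($newest.NotAfter) ($($newest.Thumbprint))"
    if ($_.Count -gt 1) {
        "  -> more than one certificate; compare template validity/renewal period with the GPO refresh interval"
    }
}

$rows | Sort-Object Template, NotAfter |
    Format-Table Store, Template, NotBefore, NotAfter, BoundToRdp, HasPrivKey, Thumbprint -AutoSize
```

Running this before and after a `gpupdate /force` shows whether a refresh really mints a new certificate each time (the `NotBefore` column will change and the count per template will grow) or whether the listener simply rebinds to the existing one. A 1-day validity with a 2-hour renewal window, as in the question, means the renewal period covers every 90-minute computer policy refresh in the last two hours of the lifetime, which is the situation the quoted comment describes.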