Gets certificates associated with RDS roles.


   [[-Role] <RDCertificateRole>]
   [-ConnectionBroker <String>]


The Get-RDCertificate cmdlet gets certificates associated with Remote Desktop Services (RDS) roles.

This cmdlet modifies an object that contains the following information:

  • Subject. The subject of the certificate.
  • SubjectAlternateName. A list of subject alternative name entries of the certificate.
  • IssuedBy. Common name of the issuer of the certificate.
  • IssuedTo. Common name of the IssuedTo field of the certificate.
  • ExpiresOn. Expiration date of the certificate.
  • Thumbprint. Thumbprint of the certificate.
  • Role. Remote desktop role service name. The possible roles are: RDGateway, RDWebAccess, RDRedirector, and RDPublishing.
  • Level. Certification level.

The certification levels are:

  • Not Configured. The role service is not configured with a certificate or the certificate is not valid.
  • Untrusted. The role service is configured with a self-signed certificate.
  • Trusted. The role service is configured with either enterprise certificate or public certificate.


Example 1: Get certificates for an RD Connection Broker

PS C:\> Get-RDCertificate -ConnectionBroker ""

This command gets certificates for server roles for the RD Connection Broker server named



Specifies the Remote Desktop Connection Broker (RD Connection Broker) server for a Remote Desktop deployment. If you do not specify a value, the cmdlet uses the fully qualified domain name (FQDN) of the local computer.

Default value:None
Accept pipeline input:False
Accept wildcard characters:False


Specifies a certificate type associated with an RDS server role. The acceptable values for this parameter are:

  • RDGateway
  • RDWebAccess
  • RDRedirector
  • RDPublishing
Accepted values:RDGateway, RDWebAccess, RDRedirector, RDPublishing
Default value:None
Accept pipeline input:False
Accept wildcard characters:False