Customize Your Personal RDP Crt
Published Date: 2023-10-15 07:00:30Z
0x0 Environment
- OpenSSL 3.1.3 19 Sep 2023
- Win11
- PowerShell
0x1 Get your CA certificate and private key/CSR (optional)
You need a CA certificate to sign the RDP certificate. You can find out how in my previous post, Create-cer-and-pvk-with-your-own-CA-in-OpenSSL.
0x2 Get your certificate with RDP extension
Put the certificate extensions in a file named MyOrg.ext:
subjectAltName = @MyOrg
extendedKeyUsage = serverAuth
keyUsage = keyEncipherment,dataEncipherment
[MyOrg]
DNS.1 = yourDomain.com
IP.1 = 192.168.1.100
IP.2 = 127.0.0.1
Then sign the request with your CA, applying these extensions:
openssl x509 -req -CA MyCA.cer -CAkey MyCA.pvk -in MyPC.req -out MyPC.cer -days 365 -extfile MyOrg.ext
0x3 Merge your certificate and private key
Merge your certificate and private key into a .pfx file.
openssl pkcs12 -export -in MyPC.cer -inkey MyPC.pvk -out MyPC.pfx
Then install it into the Local Machine certificate store, under Personal or Remote Desktop.
0x4 Fill in the thumbprint in the registry
You can get the pfx thumbprint with the command below.
openssl x509 -in .\MyPC.pfx -fingerprint
Set the SSLCertificateSHA1Hash value of HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp to your thumbprint.
See Microsoft RDP for more details.
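The registry step above, as an added PowerShell example that is not part of the original post: it converts the OpenSSL fingerprint line to raw bytes, checks that the matching certificate is installed with a private key and the serverAuth EKU, and only then writes the value. The function names and the sample fingerprint are hypothetical; run it in an elevated session.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
function ConvertTo-ThumbprintBytes {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Fingerprint)
    # Accept the openssl output line ("SHA1 Fingerprint=AA:BB:...") or bare hex.
    $hex = ($Fingerprint -replace '^.*=', '') -replace '[^0-9A-Fa-f]', ''
    if ($hex.Length -ne 40) { throw "Expected 40 hex digits (SHA-1), got $($hex.Length)." }
    [byte[]]$bytes = 0..19 | ForEach-Object { [Convert]::ToByte($hex.Substring($_ * 2, 2), 16) }
    return ,$bytes
}

function Set-RdpListenerCertificate {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Fingerprint)
    [byte[]]$bytes = ConvertTo-ThumbprintBytes $Fingerprint
    $thumb = -join ($bytes | ForEach-Object { $_.ToString('X2') })

    # The certificate must already be in one of the stores named in step 0x3.
    $stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
    $cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
    if (-not $cert) { throw "Certificate $thumb not found in: $($stores -join ', ')" }
    if (-not $cert.HasPrivateKey) { throw "No private key; import the .pfx, not the .cer." }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

    # Must carry the serverAuth EKU set in MyOrg.ext (OID 1.3.6.1.5.5.7.3.1).
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $oids = $cert.Extensions | Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
    if ($oids -notcontains '1.3.6.1.5.5.7.3.1') { throw "Certificate lacks serverAuth EKU." }

    # The value is REG_BINARY: the 20 raw hash bytes, not the colon-separated text.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    Set-ItemProperty -Path $key -Name SSLCertificateSHA1Hash -Value $bytes -Type Binary
    return $thumb
}

# Constructed placeholder: replace with the line printed by the openssl command above.
$fingerprintLine = 'SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33'
Set-RdpListenerCertificate -Fingerprint $fingerprintLine
```

With the placeholder fingerprint the call stops at the "not found" check and leaves the registry untouched.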
0x5 Done
Now you can try connecting to your PC from another device. You should see that the certificate being used is the one you created.