
Install SSL Certificate for RDS Deployment using PowerShell

I had an issue while installing the SSL certificate for the RDS deployment using the GUI, so I used PowerShell instead. Basically, the command uses the Set-RDCertificate cmdlet.

The Set-RDCertificate cmdlet imports a certificate or applies an installed certificate to use with a Remote Desktop Services (RDS) role. You can use this cmdlet to secure an existing certificate by using a secure string for the password.

Get Installed SSL Certificate

To check the installed SSL Certificate for RDS Deployment, you can use the command Get-RDCertificate.

Get-RDCertificate

Install SSL Certificate

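If you have a PFX file, you can use the commands below. The password is written inline here for illustration; typed this way it can end up in the PowerShell command history or in a saved script, so when running interactively, prompt for it with Read-Host -AsSecureString instead.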

$Password = ConvertTo-SecureString -String "EnterYourPassword" -AsPlainText -Force
Set-RDCertificate -Role RDRedirector -ImportPath "C:\Certificates\Redirector07.pfx" -Password $Password -ConnectionBroker "RDCB.msnoob.com"

If you have already installed the SSL Certificate on your RDS Broker, you can use the following command to install the SSL Certificate. Make sure the SSL Certificate is installed in the “cert:\localmachine\my” store on each server running the specified RDS role.

Set-RDCertificate -Role RDRedirector -Thumbprint fedd995b45e633d4ef30fcbc8f3a48b627e9a28b -ConnectionBroker "RDCB.msnoob.com"

As you can see in the command above, there is a “Role” parameter. This parameter specifies a certificate type associated with an RDS server role. There are four roles you can use:

  • RDGateway
  • RDWebAccess
  • RDRedirector
  • RDPublishing
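
A pre-flight check for the thumbprint path above, as an added example that is not part of the original post: it confirms the installed certificate has a private key, is within its validity period, allows Server Authentication, and covers the host name before Set-RDCertificate is called. Test-RdsCertificate is a hypothetical helper name; the thumbprint and broker FQDN are the sample values from the commands above.

```powershell
# Added example. Test-RdsCertificate is a hypothetical helper, not an RDS cmdlet.
# Run it on the server whose Cert:\LocalMachine\My store holds the certificate.
function Test-RdsCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$HostName   # name clients use to reach the role
    )
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    $problems = @()

    # Without the private key the role service cannot complete a TLS handshake.
    if (-not $cert.HasPrivateKey) { $problems += 'no private key in the store' }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "not valid today ($($cert.NotBefore) to $($cert.NotAfter))"
    }

    # If an EKU extension is present it must list Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku -and (($eku.EnhancedKeyUsages | ForEach-Object Value) -notcontains '1.3.6.1.5.5.7.3.1')) {
        $problems += 'Server Authentication EKU missing'
    }

    # Name match: exact, or a wildcard covering exactly one left-most label.
    $parent = if ($HostName.Contains('.')) { $HostName.Substring($HostName.IndexOf('.')) } else { '' }
    $matched = $false
    foreach ($n in $cert.DnsNameList) {
        if ($n.Unicode -eq $HostName) { $matched = $true }
        elseif ($parent -and $n.Unicode -eq "*$parent") { $matched = $true }
    }
    if (-not $matched) { $problems += "no DNS name matches $HostName" }

    ,$problems   # returned as an array, empty when the certificate is usable
}

# Sample values taken from the commands above.
$thumb  = 'fedd995b45e633d4ef30fcbc8f3a48b627e9a28b'
$broker = 'RDCB.msnoob.com'

$problems = Test-RdsCertificate -Thumbprint $thumb -HostName $broker
if ($problems.Count -gt 0) { throw "Certificate rejected: $($problems -join '; ')" }

Set-RDCertificate -Role RDRedirector -Thumbprint $thumb -ConnectionBroker $broker -Force
Get-RDCertificate -Role RDRedirector -ConnectionBroker $broker |
    Format-List Role, Level, ExpiresOn, Thumbprint
```

For RDGateway or RDWebAccess, pass the name clients use to reach that role rather than the broker FQDN.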

PowerShell Script

To simplify the process of deploying/replacing the RDP certificate on the RDS Deployment, I have written a PowerShell Script that takes care of the SSL Certificate installation on RDS Deployment.

###################################################################################
#  File Name:   RDSCert.ps1
#  Description: Simple Script to Apply RDS Certificate
#  Version:     1.0
#  Creator:     Ardian
#  Emails:      [email protected]
#  Blog:        msnoob.com
#  Date:        May 2019
#  Notes:       RDSH Certificate Deployment
###################################################################################
Function Get-PfxFile(){
    # Load Windows Forms for the file picker (LoadWithPartialName is deprecated)
    Add-Type -AssemblyName System.Windows.Forms
    $FileBrowser = New-Object System.Windows.Forms.OpenFileDialog -Property @{
        InitialDirectory = [Environment]::GetFolderPath('Desktop')
        Filter = 'Personal Information Exchange (*.pfx)|*.pfx'
    }
    $FileBrowser.ShowDialog() | Out-Null
    $FileBrowser.FileName
}
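$Path = Get-PfxFile
# Stop if the dialog was cancelled and no file was chosen
if (-not $Path) { throw "No PFX file selected." }
# Read the password directly as a SecureString so it is not echoed or held as plain text
$Pass = Read-Host "Enter your PFX file password" -AsSecureString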
$ConnectionBroker = Read-Host "Enter Connection Broker FQDN"
Write-Host
Write-Host "1. RDRedirector"
Write-Host "2. RDGateway"
Write-Host "3. RDWebAccess"
Write-Host "4. RDPublishing"
Write-Host "5. Configure All"
Do { $choice = Read-Host "Select RDS Role you want to configure (1-5)" }while ((1..5) -notcontains $choice)
switch ($choice){
    # The parameter name is -ImportPath (no hyphen inside the name)
    "1" {Set-RDCertificate -Role RDRedirector -Password $Pass -ConnectionBroker $ConnectionBroker -ImportPath $Path; break}
    "2" {Set-RDCertificate -Role RDGateway -Password $Pass -ConnectionBroker $ConnectionBroker -ImportPath $Path; break}
    "3" {Set-RDCertificate -Role RDWebAccess -Password $Pass -ConnectionBroker $ConnectionBroker -ImportPath $Path; break}
    "4" {Set-RDCertificate -Role RDPublishing -Password $Pass -ConnectionBroker $ConnectionBroker -ImportPath $Path; break}
    "5" {
        # Apply the same certificate to all four roles
        Set-RDCertificate -Role RDRedirector -Password $Pass -ConnectionBroker $ConnectionBroker -ImportPath $Path
        Set-RDCertificate -Role RDGateway -Password $Pass -ConnectionBroker $ConnectionBroker -ImportPath $Path
        Set-RDCertificate -Role RDWebAccess -Password $Pass -ConnectionBroker $ConnectionBroker -ImportPath $Path
        Set-RDCertificate -Role RDPublishing -Password $Pass -ConnectionBroker $ConnectionBroker -ImportPath $Path
    }
}

Any question or feedback is welcome.
