You’ll need a .pfx certificate in this guide, so once you have your certificate and any intermediates that need to be installed, export the certificate and include the entire chain the export, assign a password and then save the .pfx somewhere where you can access it from the terminal server.
On the Terminal Server in Question:
- Click “Start” and then “Run”.
- Enter “mmc” and then click “OK”.
- Click on the “File” menu and then select “Add/Remove Snap-in…”.
- Click “Certificates” and then click “Add >”, when prompted choose option “Computer Account” and then click “Next >”.
- Select “Local Computer” and then click “Finish”.
- Click “OK” to complete the add snap-in wizard and then expand “Certificates (Local Server)”.
- Right click on the “Personal” folder and then select “All Tasks”, then “Import…”.
- Click “Next >” and then locate the .pfx you’ve saved earlier. Click “Next >”
- Enter your password, and then click “Next >”, click “Next >”, click “Finish”.
- Now open “Remote Desktop Session Host Configuration”.
- Right click on “RDP-tcp” in the center of the window and select “Properties”.
- On the “General” tab, click the “Select” button, Select your certificate, and then click “OK”.
- Click “OK” one more time, and then all future connections will be secured by the certificate.