Creating a Self Signed Cert and Trusting it for Windows RDP (No Domain)
In order to use a self-signed certificate for Remote Desktop Protocol (RDP) connections, you must first create the certificate, then configure the server to use it, and then trust the certificate on the client machines. This article will walk you through the process of creating a self-signed certificate, configuring the server to use it, and setting up the client machines to trust it.
Creating the Self-Signed Certificate
The first step is to create a self-signed certificate. This is done with the Certificates snap-in in the Microsoft Management Console (MMC). To open the MMC, click Start, type MMC and press Enter.
Once the MMC is open, click File and click Add/Remove Snap-in. In the Add or Remove Snap-ins window, click Certificates, click Add >, and then click Computer Account. On the Select Computer window, leave the default option, Local computer, and click Finish.
Now that the Certificates snap-in has been added to the MMC, you can create the self-signed certificate. Expand the Certificates tree and right-click on Personal and select All Tasks > Request New Certificate.
The Certificate Enrollment window will appear. On the Enrollment Policy tab, select Active Directory Enrollment Policy and click Next. On the Request Certificates tab, select the Web Server Certificate and click Enroll.
Once the certificate is issued, it will appear in the Personal > Certificates tree.
Configuring the Server to Use the Certificate
Now that the self-signed certificate has been created, the server must be configured to use it. To do this, open the Remote Desktop Configuration Manager and click the Certificates tab.
In the Certificates tab, click Select, and then select the self-signed certificate that was just created. Once the certificate is selected, click Apply and then click OK.
Trust the Certificate on the Client Machines
The last step is to trust the certificate on the client machines. To do this, open the MMC on the client machine and add the Certificates snap-in. Then, expand the Trusted Root Certification Authorities > Certificates tree and right-click on Certificates and select All Tasks > Import.
On the Certificate Import Wizard, click Next and then select the self-signed certificate that was created, and click Open. On the next window, select Place all certificates in the following store and make sure Trusted Root Certification Authorities is selected, and then click Next.
On the final window, click Finish. The certificate will now be trusted on the client machine and the RDP connection should now be successful.
In conclusion, creating a self-signed certificate, configuring the server to use it, and setting up the client machines to trust it is a relatively straightforward process. By following the steps outlined in this article, you should be able to successfully create a self-signed certificate and use it for RDP connections.