Ping a Specific Port

Question

Andy Joiner

Asked: 2013-12-17 02:24:10 +0800 CST2013-12-17 02:24:10 +0800 CST 2013-12-17 02:24:10 +0800 CST

Create self-signed terminal services certificate and install it

772

The server RDP certificate expires every 6 months and is automatically recreated, meaning I need to re-install the new certificate on the client machines to allow users to save password.

Is there a straightforward way to create a self-signed certificate with a longer expiry?

I have 5 servers to configure.

Also, how do I install the certificate such that terminal services uses it?

Note: Servers are not on a domain and I'm pretty sure we're not using a gateway server.

3 Answers

Voted

Ryan Ries · Answer 1 · 2013-12-17T06:20:41+08:00

Ryan Ries

2013-12-17T06:20:41+08:002013-12-17T06:20:41+08:00

You can create a self-signed certificate with many different tools. Makecert is one such tool:

http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx

The OID for 'Server Authentication' is 1.3.6.1.5.5.7.3.1, so the argument -eku 1.3.6.1.5.5.7.3.1 will be in there somewhere.

makecert -r -pe -n CN="MyServer" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -b 01/01/2000 -e 01/01/2036

That should get you a self signed certificate in your computer's personal store that expires in 2036.

4

Zoredache · Answer 2 · 2013-12-17T12:44:12+08:00

Zoredache

2013-12-17T12:44:12+08:002013-12-17T12:44:12+08:00

If you have a large domain, the best result would be to setup an enterprise Certificate Authority. Then just setup policies so that your system automatically acquire a valid certificate from the CA.

Also setup policies so that any certificates issued from that CA will be automatically trusted.

2

9swampy · Answer 3 · 2014-09-06T14:36:24+08:00

9swampy

2014-09-06T14:36:24+08:002014-09-06T14:36:24+08:00

Completing Ryan Ries' answer above (as I've just worked out)

Execute the makecert command suggested

makecert -r -pe -n CN="MyServer" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -b 01/01/2000 -e 01/01/2036

Manage Computer Certificates - you'll find the created certificate in Personal Certificates
Export the certificate (right click -> all tasks -> export -> include private key -> give it a secure password)
On the TS server, open RD Gateway Manager
Right click on the TS Server -> Properties -> SSL Certificate tab
Import the certificate

...you should be good to go.

2

Create self-signed terminal services certificate and install it

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?