Windows Server – RDP and MSSQL: Change SSL certificate

In the following I show how the SSL certificate for RDP and MSSQL can be changed quickly on Windows Server. To do this, the SSL certificate must first be converted to PFX format. The certificate can then be imported into the “Local Computer” certificate store.

Before importing, however, it is recommended to open Windows PowerShell and execute the following command:

Get-ChildItem -Path cert:/LocalMachine/My

This outputs the currently installed certificates with their fingerprints (the Thumbprint column). As soon as we import the new certificate, a new entry with a new fingerprint should appear in this list. We will need this new fingerprint again later.

To change the RDP server certificate, we now only have to execute the following commands (as administrator):

# Look up the WMI path of the RDP listener's settings object
$TSpath = (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
# Bind the new certificate to the listener by its fingerprint
Set-WmiInstance -Path $TSpath -Argument @{SSLCertificateSHA1Hash="FINGERPRINT"}

The FINGERPRINT here is of course to be replaced with the previously noted fingerprint of the new SSL certificate.

This means that the RDP certificate has already been changed.
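
The import and RDP steps above combined into one script, which also checks the certificate before binding it and reads the setting back afterwards. This is an added example, not part of the original post; `$PfxPath` is an assumed placeholder path, and the listener is changed with the same WMI calls as above.

```powershell
#Requires -RunAsAdministrator
# Added example. $PfxPath is a placeholder, not a path from the original post.
$PfxPath  = 'C:\certs\server.pfx'
$Password = Read-Host -Prompt 'PFX password' -AsSecureString

# Import into the "Local Computer" personal store. The cmdlet returns the
# imported certificate, so the new fingerprint does not have to be copied by hand.
$cert = Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\LocalMachine\My -Password $Password |
    Where-Object HasPrivateKey | Select-Object -First 1
if (-not $cert) { throw 'No certificate with a private key was imported.' }

# Refuse to bind a certificate that is outside its validity period.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
}

# If an Enhanced Key Usage extension is present, it must allow
# Server Authentication (OID 1.3.6.1.5.5.7.3.1).
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($eku) {
    $oids = $eku.EnhancedKeyUsages | ForEach-Object Value
    if ($oids -notcontains '1.3.6.1.5.5.7.3.1') {
        throw 'Certificate EKU does not include Server Authentication.'
    }
}

# Bind the certificate to the RDP listener.
$filter = "TerminalName='RDP-tcp'"
$ts  = Get-WmiObject -Class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -Filter $filter
$old = $ts.SSLCertificateSHA1Hash
Set-WmiInstance -Path $ts.__PATH -Argument @{ SSLCertificateSHA1Hash = $cert.Thumbprint } | Out-Null

# Read the setting back and confirm the listener now reports the new fingerprint.
$bound = (Get-WmiObject -Class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -Filter $filter).SSLCertificateSHA1Hash
if ($bound -ne $cert.Thumbprint) {
    throw "Listener still reports $bound, expected $($cert.Thumbprint)."
}
"RDP listener certificate changed: $old -> $bound"
```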

To replace the SQL Server certificate, start SQL Server Configuration Manager. Under SQL Server Network Configuration, right-click “Protocols for SERVERNAME” -> Properties -> Certificates. The correct (new) certificate can now be selected here.

This also replaces the MSSQL SSL certificate.
