I am trying to configure Remote Desktop (RDP) on my Windows Server to use a specific certificate, but the system keeps using a self-signed certificate instead. I want to bind RDP to a certificate that I have installed in Remote Desktop → Certificates in certlm.msc.
What I Tried:
Checked which certificate is currently in use:
Get-WmiObject -Namespace "Root\CIMV2\TerminalServices" -Class Win32_TSGeneralSetting | Select-Object TerminalName, SSLCertificateSHA1Hash
- Output shows that RDP is using a self-signed certificate.
Attempted to set the correct certificate using WMIC (via Powershell with Administrator rights):
wmic /namespace:\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="b071217ae12bc2aa5ec0256d4e24c6ce60071a46"
- Error: "Invalid namespace"
Manually checked certlm.msc and confirmed that the certificate I want to use is installed under Remote Desktop → Certificates and issued by a trusted CA.
Tried setting the certificate via PowerShell:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name SSLCertificateSHA1Hash -Value "b071217ae12bc2aa5ec0256d4e24c6ce60071a46" Restart-Service TermService -Force
- After running this, I checked again, but RDP is still using the wrong certificate.
What I Need Help With:
Why is WMIC returning "Invalid namespace" when trying to set the certificate?
How can I force RDP to use the correct certificate that is already installed?