Generate Certificate and Key pair

To import the certificate with its private key, you can do the following:

  1. Pack the certificate and its private key into a PKCS #12 file or PFX file using openssl pkcs12.
  2. Import this PKCS #12 or PFX file into the certificate store.
openssl pkcs12 -inkey harrenhal.zespre.net.key -in harrenhal.zespre.net.crt -export -out harrenhal.zespre.net.pfx

Settings on Windows Side

Download the PFX.

mmc Snap-in

Request Certificate with New Key

To check the connection is actually being encrypted, you can use openssl s_client to connect to the remote desktop service. See what you will get:

openssl s_client -connect harrenhal.zespre.net:3389 | openssl x509 -noout -text

References