Generate Certificate and Key pair

To import the certificate with its private key, you can do the following:

  1. Pack the certificate and its private key into a PKCS #12 file or PFX file using openssl pkcs12.
  2. Import this PKCS #12 or PFX file into the certificate store.
openssl pkcs12 -inkey -in -export -out

Settings on Windows Side

Download the PFX.

mmc Snap-in

Request Certificate with New Key

To check the connection is actually being encrypted, you can use openssl s_client to connect to the remote desktop service. See what you will get:

openssl s_client -connect | openssl x509 -noout -text