Generate Certificate and Key pair
To import the certificate with its private key, you can do the following:
- Pack the certificate and its private key into a PKCS #12 file or PFX file using
- Import this PKCS #12 or PFX file into the certificate store.
openssl pkcs12 -inkey harrenhal.zespre.net.key -in harrenhal.zespre.net.crt -export -out harrenhal.zespre.net.pfx
Settings on Windows Side
Download the PFX.
To check the connection is actually being encrypted, you can use
openssl s_client to connect to the remote desktop service. See what you will get:
openssl s_client -connect harrenhal.zespre.net:3389 | openssl x509 -noout -text