View Source

Describe when someone would need this information. For example "when connecting to wi-fi for the first time".

Step-by-step guide

Add the steps involved:

Create a working directory on the Desktop
1. We will call it SSL
Open the command prompt (CMD)
Change directory to the SSL folder we just created
cd Desktop/SSL
Generate a Certificate Signing Request (CSR)
openssl req -new -newkey rsa:2048 -nodes -out rdp.csr -keyout rdp.key
You can also use the DigiCert Easy CSR tool.
Get your certificate signed by your Certificate Authority of choice. We recommend DigiCert.
Copy your signed certificate into the SSL folder on the Desktop.
Create a PKCS#12 archive
openssl pkcs12 -export -in rdp-signed.crt -inkey rdp.key -out rdp.p12 -certfile more.crt
1. If your CA requires an intermediate certificate, append the following to the previous command before submitting it.
  -CAfile "intermediate_cert_from_CA.crt"
Press the Windows key + R to open the Run dialog
Run the local computer certificate manager
certlm.msc
Right-click the Personal store on the left
Hover over All Tasks
Click Import...
Click Next
Browse to the .p12 file from step 7
Click Next
Enter the password, if there is one
Click Next
Click Next again
Click Finish
Go to Personal > Certificates
Double-click the imported certificate
Click the Details tab
Scroll down and click Thumbprint
Copy the Thumbprint value to the clipboard
Paste the thumbprint into Notepad and remove any spaces

Open PowerShell and enter the following command, but don't press Enter yet

wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="<certificate thumbprint>"