

Remote Desktop Services uses certificates to sign the communication between two computers. When a client connects to a server, the identity of the server and the information from the client are validated using certificates. Using certificates for authentication prevents possible man-in-the-middle attacks. When a communication channel is set up between the client and the server, the authority that generates the certificates vouches that the server is authentic. As long as the client trusts the server it is communicating with, the data being sent to and from the server is considered secure.

Certificates in Remote Desktop Services need to meet the following requirements:

- The certificate is installed in the local computer's "Personal" certificate store.
- The certificate has a corresponding private key.
- The Enhanced Key Usage extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). You can also use certificates with no Enhanced Key Usage extension.

Create a Server Authentication certificate

As the name suggests, a Server Authentication certificate is required. You can use the Workstation Authentication template to generate this certificate, if necessary. Here are the steps for creating the Server Authentication certificate from the template:

1. Open CERTSRV.MSC and configure certificates.
2. In the Details pane, expand the computer name.
3. Right-click Certificate Templates, and then click Manage.
4. Right-click Workstation Authentication, and then click Duplicate Template.
5. On the General tab, change the Template display name to Client Server Authentication, and select Publish certificate in Active Directory.
6. On the Extensions tab, click Application Policies > Edit.
7. Click Add, and then select Server Authentication.
8. Click OK until you get back to the Properties page.
9. On the Security tab, select Allow Autoenroll next to Domain Computers.
10. Click OK, and then close the Certificate Templates console.
11. In the certsrv snap-in, right-click Certificate Templates, and then click New > Certificate Template.
12. Select Client-Server Authentication, and then click OK.

You can validate that the certificate was created in the Certificates MMC snap-in. When you open the new certificate, the General tab of the certificate will list the purpose as "Server Authentication."
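The three certificate requirements above can be checked from an elevated PowerShell prompt on the RD Session Host, and compared with the certificate the RDP-Tcp listener is actually presenting. This is an added example, not code from the article; it assumes the Win32_TSGeneralSetting WMI class is available (it is on Windows Server with the Remote Desktop role), the OID 1.3.6.1.5.5.7.3.1 is the standard Server Authentication EKU, and the expiry check is an extra sanity check beyond the article's list.

```powershell
# Added example: audit Cert:\LocalMachine\My against the RDS certificate requirements.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'       # Server Authentication (standard EKU OID)
$RdpAuthOid    = '1.3.6.1.4.1.311.54.1.2'  # Remote Desktop Authentication (OID from the article)

function Test-RdsCertificate {
    param([Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $reasons = @()
    # Requirement: a corresponding private key must be present.
    if (-not $Cert.HasPrivateKey) { $reasons += 'no private key' }
    # Requirement: EKU must be Server Authentication or Remote Desktop Authentication,
    # or the certificate must have no EKU extension at all.
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if (-not (($oids -contains $ServerAuthOid) -or ($oids -contains $RdpAuthOid))) {
            $reasons += "EKU lacks Server/Remote Desktop Authentication (has: $($oids -join ', '))"
        }
    }
    # Extra sanity check (assumption, not in the article's list): reject expired certificates.
    if ($Cert.NotAfter -lt (Get-Date)) { $reasons += 'expired' }
    [pscustomobject]@{
        Thumbprint = $Cert.Thumbprint
        Subject    = $Cert.Subject
        NotAfter   = $Cert.NotAfter
        Eligible   = ($reasons.Count -eq 0)
        Reasons    = ($reasons -join '; ')
    }
}

# Requirement: the certificate must live in the local computer's Personal store.
$results = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { Test-RdsCertificate -Cert $_ }
$results | Format-Table Thumbprint, Subject, NotAfter, Eligible, Reasons -AutoSize

# Which certificate the RDP-Tcp listener currently presents (thumbprint held in WMI).
$ts = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' -ClassName Win32_TSGeneralSetting `
        -Filter "TerminalName='RDP-Tcp'" -ErrorAction SilentlyContinue
if ($null -eq $ts) {
    Write-Warning 'Win32_TSGeneralSetting not available; is the Remote Desktop role installed?'
} else {
    $inUse = $results | Where-Object { $_.Thumbprint -eq $ts.SSLCertificateSHA1Hash }
    if ($null -eq $inUse) {
        Write-Warning "RDP-Tcp references thumbprint $($ts.SSLCertificateSHA1Hash), which is not in the Personal store."
    } elseif (-not $inUse.Eligible) {
        Write-Warning "RDP-Tcp uses $($inUse.Thumbprint) but it fails the requirements: $($inUse.Reasons)"
    } else {
        Write-Host "RDP-Tcp uses an eligible certificate: $($inUse.Subject) ($($inUse.Thumbprint))"
    }
}
```

A self-signed "Remote Desktop Authentication" certificate that Windows generates automatically will show as eligible here; whether it is trusted by clients is a separate question answered by the client's trust store, not by this check.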
