Change Windows RDP SSL Cert from Default to Comodo Free SSL

This article describes how to change the SSL cert on your Windows server to one that matches its hostname, so that when you remote desktop to the server you don't get a warning about the identity and the SSL cert.

Go to Sectigo (Comodo) and sign up for a free SSL certificate.

First, generate a CSR.


Set up the CSR

Godaddy –

CSR Generation: Using certreq (Windows)
This article is for administrators who prefer the command shell!

Save the following file as request.inf on your server, editing the subject according to the comment:

;----------------- request.inf -----------------

[Version]

Signature="$Windows NT$"

[NewRequest]

Subject = "C=US,"

KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
HashAlgorithm = SHA256

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing

Then run:

certreq -new request.inf request.csr
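
Before the CSR goes to the CA, the settings in request.inf can be checked with a short PowerShell function. This is an added example, not part of the original article or of the CA's instructions; Test-RequestInf, the sample file name and rdp01.example.com are hypothetical.

```powershell
# Added example: lint a certreq request.inf before running "certreq -new".
# Test-RequestInf is a hypothetical helper name, not a built-in cmdlet.
function Test-RequestInf {
    param(
        [Parameter(Mandatory)][string]$Path,      # path to request.inf
        [Parameter(Mandatory)][string]$HostName   # name typed into the RDP client
    )
    # Collect "Key = Value" pairs; section headers and ; comments are skipped.
    $cfg = @{}
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = ($line -replace ';.*$', '').Trim()
        if ($text -match '^([^=\[\]]+?)\s*=\s*(.*)$') {
            $cfg[$Matches[1]] = $Matches[2].Trim().Trim('"')
        }
    }
    $findings = @()
    if ([int]$cfg['KeyLength'] -lt 2048) { $findings += 'KeyLength is missing or below 2048 bits' }
    if ($cfg['HashAlgorithm'] -notmatch '^SHA(256|384|512)$') {
        $findings += 'HashAlgorithm is not SHA256, SHA384 or SHA512'
    }
    if ($cfg['Exportable'] -eq 'TRUE') {
        $findings += 'Exportable = TRUE: the private key can be exported from the machine store'
    }
    if ($cfg['MachineKeySet'] -ne 'TRUE') {
        $findings += 'MachineKeySet is not TRUE: the key is created in the user context'
    }
    if ($cfg['OID'] -ne '1.3.6.1.5.5.7.3.1') {
        $findings += 'Server Authentication EKU (1.3.6.1.5.5.7.3.1) is not requested'
    }
    # The goal of the page is a certificate whose name matches the host name clients use.
    $cn = if ($cfg['Subject'] -match '(?:^|,)\s*CN\s*=\s*([^,]+)') { $Matches[1].Trim() }
    if ($cn -ne $HostName) { $findings += "Subject CN '$cn' does not match host name '$HostName'" }
    $findings
}

# Constructed sample input; rdp01.example.com is a placeholder host name.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'request-sample.inf'
@'
[NewRequest]
Subject = "CN=rdp01.example.com, C=US"
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
HashAlgorithm = SHA256
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; Server Authentication
'@ | Set-Content -LiteralPath $sample
Test-RequestInf -Path $sample -HostName 'rdp01.example.com'
```

Exportable = TRUE is flagged because any local administrator can then export the private key; keep it only if the certificate has to be moved to another machine.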

This adds the key as well –


Finish install: