• Home
  • |
  • Blog
  • |
  • How to Create a Template for RDP Certificate in a Local Certificate Authority?
How to Create a Template for RDP Certificate

Nowadays, there is no buddy left in IT who didn’t work on a remote computer. This shows that how enormously the IT industries rely on the RDP service. This service has eased the life of IT professionals. It has given the freedom to manage the work from a central location. However, it has some caveats if we don’t manage it in a secure way. This service has raised several concerns to IT admins. The most prominent one is security. Considering the rising cybersecurity incidents, organizations need to manage the RDP services under the security umbrella. One of the most secure and easiest ways to manage network communications is encryption. Most of you know about HTTP(S) and how HTTP is secured using SSL/TLS encryption protocol. In the same way, RDP communications can also be secured using the SSL/TLS encryption protocol. To enable SSL/TSL encryption, we need to import RDP certificates on all the workstations and servers like HTTPS certificates. To have an RDP certificate, we should have an internal Certificate Authority deployed on the network with an RDP certificate template to issue RDP certificates for workstations and servers. Let’s look into how to create a template for an RDP certificate in this article.

How to Create a Template for RDP Certificate?

Time needed: 10 minutes

How to Create a Template for RDP Certificate?

  1. Open Certificate Authority

    Issue the ‘certsrv’ command on the CLIOpen certificate authority utility

  2. Open certificate management template

    Right click on the ‘Certificate Template’.
    Manage Certificate Template

  3. Create a duplicate template from “Computer” template


    Create a Template for RDP Certificate from Computer certificate template

  4. General settings on RDP certificate template

    Fill the Template Name, Validity, and Renewal Period in the general setting tab

    General settings on RDP certificate template

  5. Compatibility settings on RDP certificate template

    Choose Windows Server 2003‘ in the Capability Authority dropdown and Windows XP/ Server 2003 in the ‘Certificate recipient‘ dropdown

    Compatibility settings on SCOM certificate template

  6. Request Handling settings on RDP certificate template

    Set the Purpose to the ‘Signature and Encryption‘ and check the ‘Allow private key to be exported.

    Request Handling settings on SCOM certificate template

  7. Cryptography settings on RDP certificate template

    Set these three settings in the cryptography settings tab.

    Provider Category: Legacy Cryptography Service Provider
    Algorithm name: Determined by CSP
    Minimum Key Size: 1024 or 2048 as per Organisation security requirement.

    Select the ‘Request must use one of the following providers
    Click on ‘Microsoft RSA SChannel Cryptographic Provider


    Cryptography settings on SCOM certificate template

  8. Key Attestation settings on RDP certificate template

    The Key Attestation tab should look like the one below

    Key Attestation settings on SCOM certificate template

  9. Server settings on RDP certificate template

    It should be like this

    Server settings on SCOM certificate template

  10. Application Policies settings on RDP certificate template

    Go to ‘Extensions
    Edit the ‘Application Policies‘.
    Remove the Server Authentication and Client Authentication Policies to the Application Policy.
    Click Add -> New
    Enter ‘Remote Desktop Authentication‘ in the name and ‘1.3.6.1.4.1.311.54.1.2′ in the Object identifier

    RDP certificate template application policy settings

  11. Application policy in Extension settings on RDP certificate template

    Application policy should look like this

    Application policy settings RDP certificate template

  12. Subject Name settings on RDP certificate template

    Select ‘Supply in the request

    Subject Name settings on SCOM certificate template

  13. Issuance requirements settings on RDP certificate template

    Your Issuance requirements should be like this

    Issuance requirements settings on SCOM certificate template

  14. Issue the certificate template

    After creating the certificate template issue the template.
    1. Right Click on Certificate Template
    2. Click New
    3. Click Create Template to issue
    Publish SCOM Certificate Template

See Also  How To Fix The Microsoft Exchange Autodiscover Flaw?

The RDP certificates can be distributed across the organizations using GPO policies. We will try covering the GPO settings in another post as we don’t have the GPO configured at the time of creating this post.

Thanks for reading this post. We believe we have answered the question ‘how to create a template for an RDP certificate on an internal certificate authority. In the next post, we will show how to get the RDP certificate from the CA, how to deploy the certificate and bind it to the RDP services.

Read More:

About the author

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience spanning IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

To know more about him, you can visit his profile on LinkedIn.

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.