Differences
This shows the differences between two versions of the page.
Next revision | Previous revision | ||
microsoft:rdp_certificate [2017/05/27 17:29] – created jal | microsoft:rdp_certificate [2017/05/27 18:05] (current) – jal | ||
---|---|---|---|
行 1: | 行 1: | ||
====== Windows RDP Service 使用正式憑證 ====== | ====== Windows RDP Service 使用正式憑證 ====== | ||
- | 記錄一下步驟 | + | Windows RDP Service using Signed Certificate |
===== 步驟 ===== | ===== 步驟 ===== | ||
- 產生憑證 | - 產生憑證 | ||
* <code cmd> | * <code cmd> | ||
- | * PS: 我習慣在非 Windows 的機器上產憑證,所以這部分請自行想辦法找 openssl 來執行 | + | * PS1: 我習慣在非 Windows 的機器上產憑證,所以這部分請自行想辦法找 openssl 來執行 |
+ | * PS2: :!: 注意!請不要使用任何線上網站來進行產生 Key 的步驟! | ||
- 簽署憑證 | - 簽署憑證 | ||
- | - 使用 Let's Encrypt or Comodo Trial SSL or Buy One. | + | - 使用 |
- 拿到正式憑證的 FQDN.crt 及 CA_bundle.crt (中繼憑證) | - 拿到正式憑證的 FQDN.crt 及 CA_bundle.crt (中繼憑證) | ||
- 將 PEM 格式換成 pkcs12 以便餵入 Windows | - 將 PEM 格式換成 pkcs12 以便餵入 Windows | ||
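Review bot: The added PS2 bullet ("請不要使用任何線上網站來進行產生 Key 的步驟") warns against online key generators but gives no reason, so readers may treat it as optional. Suggest saying in the same bullet that a site which generates the key also holds a copy of the private key, and that the key pair should be created on a machine you control with only the CSR sent to the CA. Separately, the changed signing line shows only "使用" in this view; confirm the CA options from the old line (Let's Encrypt, Comodo Trial SSL, or a purchased certificate) are still present in the saved page.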
行 20: | 行 21: | ||
- 清除所有空格後待用(ec975cc9954a452b1f030db33218b2ae860dca22) | - 清除所有空格後待用(ec975cc9954a452b1f030db33218b2ae860dca22) | ||
- 註冊憑證至 RDP 服務 | - 註冊憑證至 RDP 服務 | ||
- | - 開始 -> cmd -> 使用管理員身分執行 | + | - 開始 |
- | - <code cmd> | + | - <code cmd> |
- 完成註冊後應該會顯示< | - 完成註冊後應該會顯示< | ||
屬性更新成功。</ | 屬性更新成功。</ | ||
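Review bot: The only success check after the registration command is the "屬性更新成功。" message, which shows the property was written but not that the RDP service is presenting the new certificate. Suggest adding a closing step that connects to the host by its FQDN and compares the thumbprint of the certificate shown by the client with the value copied in the earlier step.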
行 27: | 行 28: | ||
+ | ===== Step ===== | ||
+ | - Create a CSR (also including private key) | ||
+ | * <code cmd> | ||
+ | * PS: I usually generate key using unix-like os to do that. Please find the [[https:// | ||
+ | * PS2: :!: Caution! DO NOT USED ANY ONLINE WEB SITE TO DO THIS SETP! | ||
+ | - Sign the Certificate | ||
+ | - Using [[https:// | ||
+ | - Get the signed certificate file: FQDN.crt and CA_bundle.crt (Intermediate Certificate) | ||
+ | - Change certificate format from PEM to pkcs12 for feeding to Windows | ||
+ | * <code cmd> | ||
+ | * Enter password for protect file | ||
+ | - Put certificate into Windows | ||
+ | - Start -> Search -> cmd -> mmc -> Add/Remove Snap-in -> Certificates -> Add > | ||
+ | - Computer account -> Local Computer -> Finish -> OK | ||
+ | - Certificates(Local Computer) -> Personal -> Certificates | ||
+ | - All task -> Import... | ||
+ | - After import -> FQDN Double-click to open certificate -> Thumbprint -> Copy value (EX: ec 97 5c c9 95 4a 45 2b 1f 03 0d b3 32 18 b2 ae 86 0d ca 22) | ||
+ | - Remove all spaces (ec975cc9954a452b1f030db33218b2ae860dca22) | ||
+ | - Register Certificate to RDP Service | ||
+ | - Start -> Search -> cmd -> Command Prompt -> Run as administrator | ||
+ | - <code cmd> | ||
+ | - After success registered < | ||
+ | Attributes update success.</ | ||
+ | - You do not do anything in following. RDP already using new certificate to serve. No annoying message anymore. |
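Review bot: In the added thumbprint steps ("Thumbprint -> Copy value" then "Remove all spaces"), stripping spaces is not always enough: on some Windows versions the value copied from the certificate dialog starts with an invisible Unicode character, and the registration command then fails or stores a thumbprint that matches nothing. Suggest adding a line telling readers to check that the result is exactly 40 hexadecimal characters, retyping the first characters by hand if the command rejects it. The section also never says what to do with the pkcs12 file and its password after the import; a short cleanup step would help, since that file contains the private key. Typos to fix in the same pass: "DO NOT USED ANY ONLINE WEB SITE TO DO THIS SETP" should read "DO NOT USE ... STEP", "PS:" should be "PS1:" to match the Chinese section, and the last line ("You do not do anything in following") would read better as "No further action is needed."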