Remote Desktop Web Client Import Existing Certificate

%3CLINGO-SUB%20id%3D%22lingo-sub-1822960%22%20slang%3D%22en-US%22%3ERemote%20Desktop%20Web%20Client%20Import%20Existing%20Certificate%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1822960%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20working%20through%20the%20process%20to%20setup%20the%20Remote%20Desktop%20Web%20Client%20as%20documented%20here%2C%20which%20all%20works%20fine%20when%20manually%20working%20through%20these%20steps%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-desktop-services%2Fclients%2Fremote-desktop-web-client-admin%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows-server%2Fremote%2Fremote-desktop-services%2Fclients%2Fremote-desktop-web-client-admin%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20also%20working%20to%20automate%20this%20process%20with%20some%20server%20deployments%2C%20which%20I%20can%20mostly%20do%20up%20to%20the%20step%20to%20import%20the%20certificate%2C%20which%20is%20this%20command%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22hljs-pscommand%22%3EImport-RDWebClientBrokerCert%3C%2FSPAN%3E%3CSPAN%3E%20%26lt%3B.cer%20file%20path%26gt%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EHowever%2C%20we%20already%20have%20a%20certificate%20seeded%20and%20setup%20on%20the%20certificate%20store%20on%20the%20server%20that%20I%20want%20to%20use%2C%20but%20this%20command%20provides%20no%20way%20to%20reference%20or%20use%20said%20certificate%20by%20thumbprint.%20Is%20there%20any%20other%20possible%20way%20to%20reference%20and%20use%20a%20certificate%20that%20is%20already%20on%20the%20server%3F%20I%20found%20I%20can't%20run%20the%20last%20command%20to%20publish%20until%20I%20do%20the%20certificate%20import%3A%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22hljs-pscommand%22%3EPublish-RDWebClientPackage%3C%2FSPAN%3E%3CSPAN%20class%3D%22hljs-parameter%22%3E%20-Type%3C%2FSPAN%3E%20Production%3CSPAN%20class%3D%22hljs-parameter%22%3E%20-Latest%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%20class%3D%22hljs-parameter%22%3EThe%20certificate%20I%20have%20in%20place%20is%20one%20that%20I'm%20already%20using%20on%20the%20same%20server%20for%20the%20connection%20broker%20and%20session%20host%20roles.%20I%20did%20see%20further%20down%20some%20netsh%20commands%20regarding%20setting%20the%20certificate%2C%20but%20this%20doesn't%20really%20do%20anything%20as%20the%20port%20already%20has%20the%20certificate%20and%20it%20doesn't%20seem%20to%20matter%20for%20whatever%20is%20required%20to%20run%20the%20publish%20command.%20Is%20there%20any%20way%20to%20do%20this%20without%20importing%20a%20real%20certificate%20file%3F%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1822960%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ERemote%20Desktop%20Services%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eweb%20client%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1826458%22%20slang%3D%22en-US%22%3ERe%3A%20Remote%20Desktop%20Web%20Client%20Import%20Existing%20Certificate%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1826458%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F833982%22%20target%3D%22_blank%22%3E%40ESpigle%3C%2FA%3E%26nbsp%3BThe%20powershell%20command%20to%20import%20and%20publish%20is%20pretty%20complex%2C%20you%20might%20be%20able%20to%20reverse%20engeneer%20what%20they%20do%20and%20make%20the%20same%20changes.%20But%20another%20simple%20workaround%20would%20be%20to%20export%20the%20certificate%20to%20file%20and%20then%20import%20it%20again%20with%20the%20import%20command.%3C%2FP%3E%3CP%3E%2FMr%20T-Bone%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

I am working through the process to setup the Remote Desktop Web Client as documented here, which all works fine when manually working through these steps:

 

https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-deskto...

 

I am also working to automate this process with some server deployments, which I can mostly do up to the step to import the certificate, which is this command:

 

Import-RDWebClientBrokerCert <.cer file path>

 

However, we already have a certificate seeded and setup on the certificate store on the server that I want to use, but this command provides no way to reference or use said certificate by thumbprint. Is there any other possible way to reference and use a certificate that is already on the server? I found I can't run the last command to publish until I do the certificate import:

 

Publish-RDWebClientPackage -Type Production -Latest

 

The certificate I have in place is one that I'm already using on the same server for the connection broker and session host roles. I did see further down some netsh commands regarding setting the certificate, but this doesn't really do anything as the port already has the certificate and it doesn't seem to matter for whatever is required to run the publish command. Is there any way to do this without importing a real certificate file?

2 Replies

@ESpigle The powershell command to import and publish is pretty complex, you might be able to reverse engeneer what they do and make the same changes. But another simple workaround would be to export the certificate to file and then import it again with the import command.

/Mr T-Bone

@MrTbone_seI will look into going the route of exporting and re-importing the same certificate from the certificate store for this purpose and hope that maybe in the future that this command will allow for referencing an existing thumbnail on the system and not just pulling in a certificate file.