I am trying to enable SSL encryption for RDP to my Windows Server 2012 servers. I have a wildcard certificate with a private key from Digicert that is good for *.mydomain.com. The Enhanced key usage is:
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)
And key usage is:
Digital Signature, Key Encipherment (a0)
I put the cert in the Personal Store and the Remote Desktop Store.
To force SSL Connections I enabled the following settings in Group Policy:
- Always prompt for password upon connection: Enabled
- Require secure RPC communication: Enabled
- Require use of specific security layer for remote (RDP) connections: Enabled, Security Layer: SSL (TLS 1.0)
- Set client connection encryption level: Enabled, Encryption Level: High Level
Yet no matter what I try, the only cert that is offered on connection is the server's self-signed one. If I delete it, it comes back. If I disable it for all purposes, it is used anyway. What do I need to do to have the server use the wildcard cert from Digicert? What am I missing? Thanks, Jarrett
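The procedure described in the question (import the certificate, then get the RDP listener to present it) can be checked and completed from PowerShell. The script below is an added example, not code from the post or from Microsoft: it locates the certificate in the machine Personal store, verifies that it carries the Server Authentication EKU, shows which thumbprint the RDP-Tcp listener is currently bound to, and binds the chosen certificate through the Win32_TSGeneralSetting WMI class. The subject string it searches for is a placeholder taken from the question; replace it with your own.

```powershell
# Added example (not from the original post): verify a certificate and bind it to the RDP-Tcp listener.
# Assumes the certificate (with private key) is already in Cert:\LocalMachine\My and that this
# runs in an elevated PowerShell session on the server itself.
$subjectMatch = 'mydomain.com'   # placeholder from the question; adjust to your certificate

# 1. Pick the newest certificate with a private key whose subject matches.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -match [regex]::Escape($subjectMatch) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key matched '$subjectMatch' in LocalMachine\My" }

# 2. Confirm the Server Authentication EKU (1.3.6.1.5.5.7.3.1), which the listener requires.
$ekuExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
$hasServerAuth = $false
if ($ekuExt) {
    $hasServerAuth = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
}
"Candidate thumbprint : $($cert.Thumbprint)"
"Server Authentication: $hasServerAuth"
if (-not $hasServerAuth) { throw "Certificate lacks the Server Authentication EKU; the listener will not use it" }

# 3. Read the listener's current binding. An empty hash means the built-in self-signed certificate.
$tsFilter = "TerminalName='RDP-Tcp'"
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting -Filter $tsFilter
"Current binding      : '$($ts.SSLCertificateSHA1Hash)'"

# 4. Bind the certificate. New connections pick it up immediately; no reboot or service restart is needed.
Set-WmiInstance -Path $ts.__PATH -Argument @{ SSLCertificateSHA1Hash = $cert.Thumbprint } | Out-Null

# 5. Re-read the setting to prove the change stuck.
$after = (Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting -Filter $tsFilter).SSLCertificateSHA1Hash
"New binding          : '$after'"
```

Two checks worth making if the listener still presents the self-signed certificate after this runs: the certificate must live in the machine Personal store, not only in the Remote Desktop store, and the account the Remote Desktop Services service runs under (NETWORK SERVICE) must have read access to the certificate's private key, which you can grant from the certificate's "Manage Private Keys" dialog in the Certificates MMC snap-in. The Group Policy settings listed in the question control which security layer and encryption level are negotiated; they do not by themselves select which certificate the listener presents.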