#Assign the trimmed value of $TrustedHash to the RDP certificate
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash=$TrustedHash
However, I run into a problem at the last line. The wmic command used to set the SSLCertificateSHA1Hash won't accept a variable as an argument to update the hash value. If you type the thumbprint by hand, it works as expected.
I've already found a better way to get the thumbprint value without having to trim the string value:
BUT, I have not been able to locate a way to use the PowerShell certificate provider to update that SSLCertificateSHA1Hash value for a specific cert.
Eventually I will put this into a loop that cycles through a list of servers from a .txt file, but first I need to make the individual set of commands do what I need it to do.
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT"
However, as this is to eventually be placed into a loop through all servers in a txt file, I need to find the P$ equivalent of that wmic command, or find a way to pass a variable declared in PowerShell as the “THUMBPRINT” value.
@Kvprasoon is correct. The thumbprint of a certificate cannot be changed. The WMIC command you want to run is not changing the thumbprint. The thumbprint is used to identify which certificate should be installed into Terminal Services.
Collect the thumbprint from the trusted cert in the personal store.
Install the cert with the matching thumbprint into Terminal Services.
Ideally I’d like to be able to put the hostnames of all servers that need this fix into a txt file and have it loop through the list of servers, performing this for each one.
So, for example:
$Servers = Get-Content C:\temp\servers.txt
ForEach ($Server in $Servers)
{
    #Declare variables as string type
    #Get the Thumbprint of the trusted cert from the personal store
    [string]$CertHash = wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Get SSLCertificateSHA1Hash
    #Trim the variable value to strip out header and whitespace before the hash value
    [string]$TrustedHash = $CertHash.TrimStart("SSLCertificateSHA1Hash")
    [string]$TrustedHash = $TrustedHash.TrimStart()
    #Assign the certificate with the $TrustedHash value to Terminal Services
    wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash=$TrustedHash
}
Apologies for my confusion about the specific functionality, and thanks in advance for any help.
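One way to do what the thread asks for without wmic, using the certificate provider and the CIM cmdlets against the same Win32_TSGeneralSetting class. This is an added example, not code posted by anyone in the thread; the certificate selection rules, the 'RDP-Tcp' listener name and the use of PowerShell remoting are assumptions.

```powershell
# Added example, not code from the thread. Assumptions: WinRM remoting is enabled,
# the listener is named 'RDP-Tcp', and the "trusted cert" is the CA-issued, unexpired
# Server Authentication certificate with a private key in LocalMachine\My.
$Servers = Get-Content -Path 'C:\temp\servers.txt' | Where-Object { $_.Trim() }

$Results = foreach ($Server in $Servers) {
    Invoke-Command -ComputerName $Server.Trim() -ScriptBlock {
        $Namespace     = 'root\cimv2\TerminalServices'
        $Filter        = "TerminalName='RDP-Tcp'"
        $ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
        $Now           = Get-Date

        # Select the certificate: usable private key, inside its validity window,
        # not self-signed, and valid for server authentication. Newest expiry wins.
        $Cert = Get-ChildItem -Path Cert:\LocalMachine\My |
            Where-Object {
                $_.HasPrivateKey -and
                $_.NotBefore -le $Now -and $_.NotAfter -gt $Now -and
                $_.Subject -ne $_.Issuer -and
                $_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid
            } |
            Sort-Object -Property NotAfter -Descending |
            Select-Object -First 1
        if (-not $Cert) { throw "No suitable certificate in LocalMachine\My on $env:COMPUTERNAME" }

        # The provider returns the thumbprint with no header or padding to trim;
        # still confirm it is exactly 40 hex characters before writing it.
        $Thumbprint = $Cert.Thumbprint
        if ($Thumbprint -notmatch '^[0-9A-Fa-f]{40}$') { throw "Unexpected thumbprint format" }

        # PowerShell equivalent of: wmic ... Set SSLCertificateSHA1Hash="THUMBPRINT"
        Get-CimInstance -Namespace $Namespace -ClassName Win32_TSGeneralSetting -Filter $Filter |
            Set-CimInstance -Property @{ SSLCertificateSHA1Hash = $Thumbprint }

        # Read the setting back so a silent failure is visible in the report.
        $Bound = (Get-CimInstance -Namespace $Namespace -ClassName Win32_TSGeneralSetting -Filter $Filter).SSLCertificateSHA1Hash
        [pscustomobject]@{
            Server     = $env:COMPUTERNAME
            Thumbprint = $Thumbprint
            Bound      = ($Bound -eq $Thumbprint)
        }
    }
}
$Results | Format-Table -Property Server, Thumbprint, Bound
```

The Remote Desktop service runs as NETWORK SERVICE, so that account needs read access to the certificate's private key for the listener to use it.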