New-RDCertificate

Creates a certificate for an RDS role.

Syntax

New-RDCertificate
   [-Role] <RDCertificateRole>
   -DnsName <String>
   [-ExportPath <String>]
   -Password <SecureString>
   [-ConnectionBroker <String>]
   [-Force]
   [<CommonParameters>]

Description

The New-RDCertificate cmdlet creates a certificate for a Remote Desktop Services (RDS) role.

This cmdlet creates an object that contains the following information:

  • Subject. The subject of the certificate.
  • SubjectAlternateName. A list of subject alternative name entries of the certificate.
  • IssuedBy. Common name of the issuer of the certificate.
  • IssuedTo. Common name of the IssuedTo field of the certificate.
  • ExpiresOn. Expiration date of the certificate.
  • Thumbprint. Thumbprint of the certificate.
  • Role. Remote desktop role service name. The possible roles are: RDGateway, RDWebAccess, RDRedirector, and RDPublishing.
  • Level. Certification level.

The certification levels are:

  • Not Configured. The role service is not configured with a certificate or the certificate is not valid.
  • Untrusted. The role service is configured with a self-signed certificate.
  • Trusted. The role service is configured with either enterprise certificate or public certificate.

Examples

Example 1: Create a certificate

PS C:\> $Password = ConvertTo-SecureString -String "Wings%%83Potato" -AsPlainText -Force
PS C:\> New-RDCertificate -Role RDPublishing -DnsName "RDWA01.Contoso.com " -Password $Password -ConnectionBroker "RDCB.Contoso.com"

This example creates a certificate for an RDS role.

The first command uses the ConvertTo-SecureString cmdlet to create a secure string based on a string that the user supplies, and stores it in the $Password variable. For more information, type Get-Help ConvertTo-SecureString .

The second command creates a certificate for the publishing role and uses the secure string stored in $Password to help secure it. The command specifies the DNS name of the RDS host and the name of the connection broker.

Example 2: Create and export a certificate

PS C:\> $Password = ConvertTo-SecureString -String "Cups34Horses&&" -AsPlainText -Force
PS C:\> New-RDCertificate -Role RDWebAccess -DnsName "RDWA01.Contoso.com" -Password $Password -ExportPath "C:\Certificates\RDWA102.pfx" -ConnectionBroker "RDCB.Contoso.com"

This example creates a certificate for an RDS role and exports it to a specified file.

The first command uses the ConvertTo-SecureString cmdlet to create a secure string based on a string that the user supplies, and stores it in the $Password variable.

The second command creates a certificate for the web access role and uses the secure string stored in $Password to help secure it. The command specifies the DNS name of the RDS host and the name of the connection broker. This command also exports the certificate to the specified .pfx file.

Required Parameters

-DnsName

Specifies the Domain Name Service (DNS) name for a computer. The cmdlet creates a self-signed certificate for this computer.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Password

Specifies a secure string used to help secure the certificate. See the Examples section.

Type: SecureString
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Role

Specifies a certificate type associated with an RDS server role. The acceptable values for this parameter are:

  • RDGateway
  • RDWebAccess
  • RDRedirector
  • RDPublishing
Type: RDCertificateRole
Parameter Sets: RDGateway, RDWebAccess, RDRedirector, RDPublishing
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Optional Parameters

-ConnectionBroker

Specifies the Remote Desktop Connection Broker (RD Connection Broker) server for a Remote Desktop deployment. If you do not specify a value, the cmdlet uses the fully qualified domain name (FQDN) of the local computer.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ExportPath

Specifies a full file path for the certificate. The file has a .pfx extension.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Outputs

System.Object