Let's Encrypt & Microsoft Remote Desktop Services - Installation Script
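rem Step 1: ask the Let's Encrypt client to renew any certificate that is due.
rem NOTE(review): acme-v01 is the ACME v1 API, which Let's Encrypt has shut down;
rem confirm the client version and endpoint before relying on this job. The PFX
rem path in step 2 appears to be derived from the same base URI, so the two
rem values have to be changed together.
"C:\Program Files\Lets Encrypt\letsencrypt.exe" --renew --baseuri "https://acme-v01.api.letsencrypt.org/"

rem Step 2: push the renewed PFX into the Remote Desktop Services deployment.
rem -NoProfile keeps this (typically elevated, unattended) run from loading
rem PowerShell profile scripts, which are not part of the job.
powershell -NoProfile -File "C:\Program Files\Lets Encrypt\RDS_INSTALL_CERT.ps1" -CertificateImport "C:\ProgramData\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org\remote.example.com-all.pfx" -RDCB remote.example.com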
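# Install a Let's Encrypt certificate to Remote Desktop Services
# Hacked together by Anthony Eden (https://mediarealm.com.au/)
# Credit: https://ryanmangansitblog.com/2014/06/17/deploying-rds-2012-wild-card-certificate-using-powershell/
# Credit: https://github.com/Lone-Coder/letsencrypt-win-simple/issues/400
#
# Parameters:
#   -CertificateImport  Path to the PFX written by the Let's Encrypt client.
#   -RDCB               FQDN of the RD Connection Broker.
#
# Flow: skip unless the PFX was written in the last 10 minutes, re-export it
# with a throwaway password (Set-RDCertificate is given a password-protected
# PFX), apply it to each RDS role, and always delete the temporary copy.
param (
    [Parameter(Mandatory=$TRUE, HelpMessage="store the certificate localy (c:\)")]
    [String]
    $CertificateImport,
    [Parameter(Mandatory=$TRUE, HelpMessage="Connection Broker FQDN")]
    [String]
    $RDCB
)

# Only continue when the PFX was (re)written very recently, i.e. a renewal just
# happened. TotalMinutes is the whole elapsed time; the Minutes property is only
# the 0-59 component, so a file that is e.g. 3 days and 2 minutes old would
# otherwise look fresh.
$sourcePfx = Get-Item -LiteralPath $CertificateImport -ErrorAction Stop
if (((Get-Date) - $sourcePfx.LastWriteTime).TotalMinutes -gt 10) { exit }

# Temporary PFX (deleted in the finally block below). The name is randomised
# because this directory may be readable by other local accounts - confirm its
# ACL - and the file holds the private key.
$tempPfxPath = Join-Path 'C:\ProgramData\letsencrypt-win-simple' ('temp-pfx-{0}.pfx' -f [guid]::NewGuid().ToString('N'))

# One-time random password for the temporary PFX instead of a fixed, published
# string, so a copy of the file is not trivially decryptable.
$passwordBytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($passwordBytes) } finally { $rng.Dispose() }
$tempPasswordPfx = ConvertTo-SecureString -String ([Convert]::ToBase64String($passwordBytes)) -AsPlainText -Force

# Import the RemoteDesktop module
Import-Module RemoteDesktop

try {
    # Round-trip through the machine store to obtain a password-protected PFX.
    $newCertPfx = Import-PfxCertificate -FilePath $CertificateImport -CertStoreLocation Cert:\LocalMachine\My -Exportable -ErrorAction Stop
    try {
        Export-PfxCertificate -cert $newCertPfx -FilePath $tempPfxPath -Force -NoProperties -Password $tempPasswordPfx -ErrorAction Stop
    }
    finally {
        # Never leave the exportable copy in the store, even if the export failed.
        # NOTE(review): this removes the certificate object; check whether the
        # private key container is left behind (the Cert: provider has -DeleteKey).
        Remove-Item -Path $newCertPfx.PSPath
    }

    # Arguments shared by every role.
    $rdCertArgs = @{
        ImportPath       = $tempPfxPath
        Password         = $tempPasswordPfx
        ConnectionBroker = $RDCB
        Force            = $true
    }

    # One call per role; repeating a role with identical arguments would only
    # re-apply the same certificate.
    foreach ($role in 'RDPublishing', 'RDWebAccess', 'RDRedirector', 'RDGateway') {
        Set-RDCertificate -Role $role @rdCertArgs
    }
}
finally {
    # Cleanup the temporary PFX file on every exit path.
    if (Test-Path -LiteralPath $tempPfxPath) {
        Remove-Item -LiteralPath $tempPfxPath -Force
    }
}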