Hi Habr, this is a super short and simple guide for beginners on how to connect via RDP by domain name without the annoying warning about a certificate signed by the server itself. We need WinAcme and a domain.

Everyone who has used RDP at least once has seen this warning.

The guide contains ready-made commands for convenience. Copy, paste and profit.

This window can be avoided if you issue a certificate signed by a trusted third-party certification authority. In this case, Let's Encrypt.

1. Add A Record

Just add an A record and enter the server's IP address in it. That is all the work needed on the domain side.

2. Download WinAcme

Download WinAcme from their site. Unpack the archive somewhere you will keep it: the executable files and scripts will be needed later for automatic certificate renewal. The best place to unpack it is C:\WinAcme\.

3. Open port 80

Your server is validated over HTTP, so we need to open port 80. To do this, enter this command in PowerShell:

New-NetFirewallRule -DisplayName 80-TCP-IN -Direction Inbound -Protocol TCP -Enabled True -LocalPort 80 

4. Allow scripts to run

For WinAcme to be able to import the new certificate without problems, you need to enable script execution. To do this, go to the /Scripts/ folder.

Before starting WinAcme, we need to enable the execution of two scripts. To do this, double-click PSRDSCerts.bat in the Scripts folder.

5. Install the certificate

Next, copy the line below, replace VASHDOMAIN.RU with the domain name you want to use to connect to the server, and run the command.

C:\Winacme\wacs.exe --target manual --host VASHDOMAIN.RU --certificatestore My --installation script --installationsiteid 1 --script "Scripts\ImportRDListener.ps1" --scriptparameters "{CertThumbprint}" 

After that, the old certificate will be replaced by the one signed for the domain. No manual renewal is needed: after 60 days the program will renew the certificate itself.
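To confirm that step 5 really replaced the certificate on the RDP listener, here is a check script. It is an added example, not part of the original guide or of WinAcme; the function name Test-RdpListenerCertificate and the 25-day threshold (which assumes a 90-day certificate renewed after 60 days) are assumptions.

```powershell
# Added example: reports which certificate the RDP listener presents.
# $HostName is an assumption: pass the same name you gave to --host.
param([string]$HostName = 'VASHDOMAIN.RU')

function Test-RdpListenerCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$WarnDays = 25)

    # The RDP-Tcp listener records the thumbprint of its bound certificate here.
    $listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $thumb = $listener.SSLCertificateSHA1Hash

    # Step 5 stores the new certificate in LocalMachine\My (--certificatestore My).
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object Thumbprint -eq $thumb

    if (-not $cert) {
        # The default self-signed RDP certificate normally sits in another store.
        return [pscustomobject]@{ Thumbprint = $thumb; Ok = $false
            Reason = 'Listener certificate is not in LocalMachine\My' }
    }

    $names    = @($cert.DnsNameList.Unicode)
    $daysLeft = [int](($cert.NotAfter - (Get-Date)).TotalDays)
    $reasons  = @()
    if ($cert.Subject -eq $cert.Issuer) { $reasons += 'self-signed' }
    if ($names -notcontains $HostName)  { $reasons += "name $HostName not in certificate" }
    if (-not $cert.HasPrivateKey)       { $reasons += 'no private key' }
    # Fewer days left than the threshold means automatic renewal did not run.
    if ($daysLeft -lt $WarnDays)        { $reasons += "expires in $daysLeft days" }

    [pscustomobject]@{
        Thumbprint = $thumb
        Issuer     = $cert.Issuer
        DnsNames   = $names -join ', '
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        Ok         = ($reasons.Count -eq 0)
        Reason     = $reasons -join '; '
    }
}

Test-RdpListenerCertificate -HostName $HostName | Format-List
```

Run it in an elevated PowerShell window on the server, and run it again after the 60-day mark to confirm that the renewal went through.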

Done! You are magnificent and have got rid of an annoying error.

And what system errors annoy you?