New-RDCertificate
Creates a certificate for an RDS role.
Syntax
New-RDCertificate
[-Role] <RDCertificateRole>
-DnsName <String>
[-ExportPath <String>]
-Password <SecureString>
[-ConnectionBroker <String>]
[-Force]
[<CommonParameters>]
Description
The New-RDCertificate cmdlet creates a certificate for a Remote Desktop Services (RDS) role.
This cmdlet creates an object that contains the following information:
- Subject. The subject of the certificate.
- SubjectAlternateName. A list of subject alternative name entries of the certificate.
- IssuedBy. Common name of the issuer of the certificate.
- IssuedTo. Common name of the IssuedTo field of the certificate.
- ExpiresOn. Expiration date of the certificate.
- Thumbprint. Thumbprint of the certificate.
- Role. Remote desktop role service name. The possible roles are: RDGateway, RDWebAccess, RDRedirector, and RDPublishing.
- Level. Certification level.
The certification levels are:
- Not Configured. The role service is not configured with a certificate or the certificate is not valid.
- Untrusted. The role service is configured with a self-signed certificate.
- Trusted. The role service is configured with either enterprise certificate or public certificate.
Examples
Example 1: Create a certificate
PS C:\> $Password = ConvertTo-SecureString -String "Wings%%83Potato" -AsPlainText -Force
PS C:\> New-RDCertificate -Role RDPublishing -DnsName "RDWA01.Contoso.com " -Password $Password -ConnectionBroker "RDCB.Contoso.com"
This example creates a certificate for an RDS role.
The first command uses the ConvertTo-SecureString cmdlet to create a secure string based on a string that the user supplies, and stores it in the $Password variable.
For more information, type Get-Help ConvertTo-SecureString
.
The second command creates a certificate for the publishing role and uses the secure string stored in $Password to help secure it. The command specifies the DNS name of the RDS host and the name of the connection broker.
Example 2: Create and export a certificate
PS C:\> $Password = ConvertTo-SecureString -String "Cups34Horses&&" -AsPlainText -Force
PS C:\> New-RDCertificate -Role RDWebAccess -DnsName "RDWA01.Contoso.com" -Password $Password -ExportPath "C:\Certificates\RDWA102.pfx" -ConnectionBroker "RDCB.Contoso.com"
This example creates a certificate for an RDS role and exports it to a specified file.
The first command uses the ConvertTo-SecureString cmdlet to create a secure string based on a string that the user supplies, and stores it in the $Password variable.
The second command creates a certificate for the web access role and uses the secure string stored in $Password to help secure it. The command specifies the DNS name of the RDS host and the name of the connection broker. This command also exports the certificate to the specified .pfx file.
Parameters
-ConnectionBroker
Specifies the Remote Desktop Connection Broker (RD Connection Broker) server for a Remote Desktop deployment. If you do not specify a value, the cmdlet uses the fully qualified domain name (FQDN) of the local computer.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DnsName
Specifies the Domain Name Service (DNS) name for a computer. The cmdlet creates a self-signed certificate for this computer.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ExportPath
Specifies a full file path for the certificate. The file has a .pfx extension.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Password
Specifies a secure string used to help secure the certificate. See the Examples section.
Type: | SecureString |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Role
Specifies a certificate type associated with an RDS server role. The acceptable values for this parameter are:
- RDGateway
- RDWebAccess
- RDRedirector
- RDPublishing
Type: | RDCertificateRole |
Accepted values: | RDGateway, RDWebAccess, RDRedirector, RDPublishing |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |