5.1.1.1 Encrypting the Premaster Secret
The client uses RSA to encrypt the premaster secret with the public key of the server. The client obtains the public key from the terminal server certificate, which is the leaf certificate in the certificate chain that is obtained from the Server Certificate (SERVER_CERTIFICATE) in the Server License Request message.
For encryption with RSA, see [MS-RDPBCGR] sections 5.3.1 and 5.3.4.