How to Create Manual SSL Certificate for Remote Desktop Server Manager

One common issue when publishing applications in Remote Desktop Server Manager is an expired SSL certificate

Handoyo Saputra | October 20, 2023

Server Manager

Remote Desktop Server Manager is software or a feature used to manage remote servers and desktop sessions on Windows Server operating systems.

With this tool, you can monitor and manage various aspects of server and desktop sessions, including settings, users, and running applications.

Remote Desktop Server Manager allows administrators to perform various tasks, such as:

  1. Managing users and permissions: You can add or remove users, set access permissions, and control who can access the remote server.
  2. Monitoring performance: You can monitor server resource usage, such as CPU and RAM, and identify performance issues that may arise.
  3. Configuring session settings: You can adjust desktop session parameters, such as screen resolution, sound quality, and more.
  4. Installing and managing applications: You can install and uninstall applications on the remote server and manage running applications.
  5. Diagnosing issues: If there are problems with the server or desktop session, you can use Remote Desktop Server Manager to diagnose issues and find solutions.

One common issue when publishing applications in Remote Desktop Server Manager is an expired SSL certificate.

publish failed
Publish failed

To check if your SSL certificate is still valid, open the Server Manager application, then navigate to Remote Desktop Service.

Remote Desktop Service
Remote Desktop Service

In the Deployment Overview section, click Tasks -> Edit Deployment Properties -> Certificates.

Check your certificates status
Check your certificates status

Pay attention to the certificates for RD Connection Broker and RD Web Access. If your SSL certificate has expired, the status will be displayed as "expired."

You can create a new SSL certificate using the "Create new certificate" button or use an existing certificate.

In this tutorial, we will create a new SSL certificate using the win-acme application. Please download the win-acme application to your server and extract the files.


Right-click on the wacs.exe file and choose "Run as administrator." Follow the steps below to create a new SSL certificate:

Create new SSL certificate using Win-acme
Create new SSL certificate using Win-acme

Please choose from the menu:
M: Create certificate (full options)

How shall we determine the domain(s) to include in the certificate?:
1: Read bindings from IIS

Site identifier(s) or to choose all:
1: Default Web Site (1 binding)

Binding identifier(s) or menu option:
A: Pick *all* bindings

Continue with this selection?

How would you like prove ownership for the domain(s):
2: [http-01] Serve verification files from memory

What kind of private key should be used for the certificate?
2: RSA key

How would you like to store the certificate?
1: IIS Central Certificate Store (.pfx per host)

Store path:
cert (create a folder named "cert" at the same level as the wacs.exe file)

Choose from the menu: (add a password for your SSL certificate)
2: Type/paste in consle

Save to vault for future reuse?

Would you like to store it in another way too?:
5: No (additional) store steps

Which installation step should run first?:
3: No (additional) installation steps

Overwrite setting?

Congratulations! You have successfully created a new SSL certificate stored in the "cert" folder. Next, we will update the expired SSL certificate in Server Manager.

Open Certificates in the Deployment Properties as mentioned earlier, then update all expired certificates with the newly created SSL certificate. Choose Select existing certificate -> Choose a different certificate.

Enter the location of the SSL certificate and its password, then check "Allow the certificate to be added to the Trusted Root Certification Authorities" and click "Apply."

TagsTips & Trick

Other Articles

Latest Articles