Add customized certs to XRDP

Oct 3, 2025 | IT Tips

This replaces the www.xrdp.org cert with your own self-signed cert and uses Subject Alternative Names so you can connect via DNS name or IP address.

Example of adding subjectAltName entries so that mstsc.exe can connect using any of several DNS names or IP addresses:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -nodes -days 365 \
        -addext "subjectAltName = DNS:tgn-ubuntu,DNS:tgn-ubuntu.toggen.home,IP:10.45.53.109"
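# copy the self-signed cert and key to /etc/xrdp (remember to change their ownership and make permissions 600 if needed)
# naming the two files explicitly avoids copying unrelated .pem files from the current directory
cp cert.pem key.pem /etc/xrdp/

# restart xrdp so it loads the new cert and key
systemctl restart xrdp.service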
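
A pre-flight check for the pair generated above, as an added example that is not part of the original post: it confirms the key matches the cert, the key file has no group/other permission bits, the cert has not expired, and every DNS name or IP you will type into mstsc.exe is covered by a SAN entry. The function names, the rsa:2048 demo pair and its -subj value are assumptions of this example; it expects Linux `stat` and OpenSSL 1.1.1 or later.

```sh
#!/bin/sh
# Added example (not from the original post): checks for an xrdp cert/key pair.

# 0 if a SAN entry in cert $1 covers the DNS name or IP address $2.
san_covers() (
    case $2 in
        *:*)       flag=-checkip ;;     # IPv6 literal
        *[!0-9.]*) flag=-checkhost ;;   # anything else with non-digits: a DNS name
        *)         flag=-checkip ;;     # IPv4 literal: must match an IP: entry
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match certificate'
)

# 0 if private key $2 carries the same public key as cert $1.
key_matches_cert() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
)

# 0 if key file $1 has no group/other permission bits (e.g. mode 600).
key_is_private() (
    mode=$(stat -c %a "$1") || exit 1
    [ $(( 0$mode & 077 )) -eq 0 ]
)

# Run every check: usage check_xrdp_cert CERT KEY NAME_OR_IP...
check_xrdp_cert() (
    cert=$1; key=$2; shift 2; rc=0
    key_matches_cert "$cert" "$key" || { echo "FAIL: key does not match cert"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/other"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || { echo "FAIL: cert expired"; rc=1; }
    for name in "$@"; do
        san_covers "$cert" "$name" || { echo "FAIL: no SAN entry covers $name"; rc=1; }
    done
    exit "$rc"
)

# Constructed sample input: a throwaway pair in directory $1 with the post's SANs
# (rsa:2048, -days 1 and -subj are this example's choices: fast, non-interactive).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -keyout "$1/key.pem" -out "$1/cert.pem" \
        -sha256 -nodes -days 1 -subj "/CN=tgn-ubuntu" \
        -addext "subjectAltName = DNS:tgn-ubuntu,DNS:tgn-ubuntu.toggen.home,IP:10.45.53.109" \
        2>/dev/null
    chmod 600 "$1/key.pem"
}
```

Source the file and run `check_xrdp_cert /etc/xrdp/cert.pem /etc/xrdp/key.pem tgn-ubuntu 10.45.53.109` before restarting xrdp; a non-zero exit means at least one check printed a FAIL line.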

Import the untrusted cert into your local Trusted Root Certification Store

On Windows, run certmgr.msc (user certs) or certlm.msc (machine certs) and import the cert into your Trusted Root Certification Authorities/Certificates folder.
