Upload the certificate PFX file to the remote server. You can do so by attaching your local disk drive to the Remote Desktop session and copying the file in Explorer.


Import the certificate into the Local Machine certificate store by pasting the following script in the PowerShell console:

Replace path-to-pfx-file with the path to the PFX file. For example, C:\OpenSSL-Win64\bin\.

function Install-Certificate ($certPath, [string]$storeLocation = "LocalMachine", [string]$storeName = "My")

$cert = New-Object 
System.Security.Cryptography.X509Certificates.X509Certificate2($certPath,"", "MachineKeySet,PersistKeySet")
$store = New-Object
System.Security.Cryptography.X509Certificates.X509Store($storeName, $storeLocation)
"Thumbprint: $($cert.Thumbprint)"

Install-Certificate path-to-pfx-file\xenapp-dc.vcops.local.pfx

The output of this script is a certificate thumbprint, which is required when setting up HTTPS listener for the WinRM service. If you generated SSL certificate in the IIS Manager, you can get its thumbprint using the following PowerShell command:

Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=HOSTNAME" }