Import the PFX certificate file on the remote server. You can do so by attaching your local disk drive to the Remote Desktop session and copying the file in Windows Explorer.


  1. Import the certificate into the Local Machine certificate store by pasting the following script in the PowerShell console:

    Replace path-to-pfx-file with the path to the PFX file; for example, C:\OpenSSL-Win64\bin\.

    function Install-Certificate ($certPath, [string]$storeLocation = "LocalMachine", [string]$storeName = "My")
    $cert = New-Object 
    System.Security.Cryptography.X509Certificates.X509Certificate2($certPath,"", "MachineKeySet,PersistKeySet")
    $store = New-Object
    System.Security.Cryptography.X509Certificates.X509Store($storeName, $storeLocation)
    "Thumbprint: $($cert.Thumbprint)"
    Install-Certificate path-to-pfx-file\xenapp-dc.vcops.local.pfx

    The output of this script is a certificate thumbprint, which is required when setting up an HTTPS listener for the WinRM service. If you generated a SSL certificate in the IIS Manager, you can get its thumbprint using the following PowerShell command:

    Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=HOSTNAME" }

  2. Copy the certificate to the remote machine (delivery controller) using Windows Explorer.