4

I am trying to set up remote app for an internal domain. I have a Root CA that is trusted by all of the end computers; that cert has signed a wildcard cert I am trying to use for the server.

I added the pfx of the wildcard cert to the local machine personal store. From there I can use it fine for signing the RD Session Host session.

However, when I try to set up the signature for Remote App, the certificate does not show up.

What do I need to do to get my certificate to be available for use?


UPDATE:

The Certificate was generated through the following commands:

makecert -pe -n "CN=*.vw.local" -a sha1 -sky signature -ic VetWebCA.cer -iv VetWebCA.pvk -sv VetWebComputerWildcard.pvk VetWebComputerWildcard.cer

pvk2pfx -pvk VetWebComputerWildcard.pvk -spc VetWebComputerWildcard.cer -pfx VetWebComputerWildcard.pfx

The resultant pfx was added to the machine local store via mmc.

Oddly, going into PowerShell, if I add the -CodeSigningCert flag to find the wildcard certificate, it is excluded from the search results for Get-ChildItem in my Cert:\LocalMachine\My path, but if I don't include it, it is there.

Scott Chamberlain

1 Answer

1

It appears that Remote app requires explicit rights to use it for signing; you cannot just use the <All> rights. Changing my cert generation to

makecert -pe -n "CN=*.vw.local" -a sha1 -sky signature -ic VetWebCA.cer -iv VetWebCA.pvk -sv VetWebComputerWildcard.pvk -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2 VetWebComputerWildcard.cer

solves the issue (1.3.6.1.5.5.7.3.1 & 1.3.6.1.5.5.7.3.2 are Client Authentication and Server Authentication rights)

Scott Chamberlain
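
A diagnostic for the situation described in this question and answer, added here as an example and not part of the original post: it lists every certificate in the machine Personal store together with the Enhanced Key Usage OIDs it carries explicitly, so a certificate with no EKU extension (shown as `<All>` in the certificate UI) can be told apart from one reissued with `-eku`. The function name `Get-CertEkuReport` and the output column names are hypothetical.

```powershell
# Added example: report the explicit EKU OIDs of certificates in a store.
# OID names below are the standard RFC 5280 key purpose identifiers.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

function Get-CertEkuReport {
    param(
        # Store to inspect; the machine Personal store is the one used on the page.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # A certificate has at most one EKU extension; it is absent when the
        # certificate was issued without -eku (no restriction on purposes).
        $ekuExt = $cert.Extensions |
            Where-Object { $_ -is $ekuType } |
            Select-Object -First 1

        $oids = @()
        if ($ekuExt) {
            $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        }

        [pscustomobject]@{
            Subject         = $cert.Subject
            Thumbprint      = $cert.Thumbprint
            HasPrivateKey   = $cert.HasPrivateKey
            HasEkuExtension = [bool]$ekuExt
            ServerAuth      = $oids -contains $ServerAuthOid
            ClientAuth      = $oids -contains $ClientAuthOid
            ExplicitEku     = $oids -join ', '
        }
    }
}

# Certificates with HasEkuExtension = False rely on the implicit <All> purposes.
Get-CertEkuReport | Format-Table -AutoSize
```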