Hi All,

I have a terminal server running on Windows Server 2019 where I needed to renew the RDP certificate. I imported the new certificate into the server under Certificates (Local Computer) → Personal → Certificates. After importing, I could see both the old (expiring) and new certificates.
To apply the new certificate, I navigated to the following path in the registry:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations

There, I modified the SSLCertificateSHA1Hash registry entry by replacing the existing thumbprint with the new certificate’s thumbprint (copied via right-click → Modify). After rebooting the VM, I was no longer able to connect via RDP. I have since restored the VM from a backup. Could you please advise if I am following the correct procedure, or if I am missing any steps?

You should make your topic subject a little clearer.

It could be for RDP, RDWeb, IIS, Apache, client devices, Radius - adding the service would be useful.

We have to assume you didn’t put the first certificate on, or if you did, you didn’t make notes.

For terminal server, or remote desktop session hosts, you can replace the certificate inside the RD manager. There is a specific place to import them that does the work for you. I don’t remember it off the top of my head.

I’m not sure if there is a specific reason you would be in the registry.

See the last note on this page
RD Gateway, certificate expiration and how to manage renew - Windows - Spiceworks Community

About halfway down via the GUI

Updating certificate for Remote Desktop Services – System Center Configuration Manager Notes
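
A scripted alternative to hand-editing the SSLCertificateSHA1Hash value discussed in this thread, as an added example that is not from any poster: it checks the imported certificate before binding it to the RDP listener through the Win32_TSGeneralSetting WMI class. The thumbprint is a placeholder to replace, and the listener name RDP-Tcp is assumed to be the default one.

```powershell
# Added example, not from the thread. Run in an elevated Windows PowerShell session.
# Placeholder: paste the new certificate's thumbprint here.
$Thumbprint = '<NEW-CERT-THUMBPRINT>'

# Thumbprints copied from the certificate GUI can carry spaces or invisible
# characters; keep only hex digits and insist on a 40-character SHA-1 value.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($clean.Length -ne 40) { throw "Expected 40 hex characters, got $($clean.Length)." }

# The certificate must be in Local Computer -> Personal (Cert:\LocalMachine\My).
$cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction Stop

$problems = @()
$now = Get-Date
if (-not $cert.HasPrivateKey) { $problems += 'certificate has no private key on this server' }
if ($cert.NotBefore -gt $now) { $problems += "not valid until $($cert.NotBefore)" }
if ($cert.NotAfter  -lt $now) { $problems += "expired on $($cert.NotAfter)" }

# If an Enhanced Key Usage extension is present it must allow Server Authentication.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains $serverAuthOid)) {
    $problems += 'Enhanced Key Usage does not include Server Authentication'
}

if ($problems.Count -gt 0) {
    throw "Not binding $clean to RDP: $($problems -join '; ')"
}

# Bind through WMI instead of writing the registry value by hand.
$wmi = @{
    Namespace = 'root\cimv2\TerminalServices'
    Class     = 'Win32_TSGeneralSetting'
    Filter    = "TerminalName='RDP-Tcp'"   # assumed default listener name
}
$listener = Get-WmiObject @wmi
Write-Host "Current RDP thumbprint: $($listener.SSLCertificateSHA1Hash)"
Set-WmiInstance -Path $listener.__PATH -Arguments @{ SSLCertificateSHA1Hash = $clean } | Out-Null

# Read the setting back to confirm the listener now reports the new thumbprint.
$after = (Get-WmiObject @wmi).SSLCertificateSHA1Hash
if ($after -ne $clean) { throw "Listener still reports $after" }
Write-Host "RDP listener now uses $clean ($($cert.Subject), expires $($cert.NotAfter))"
```

Keep console or hypervisor access available while testing, and note the thumbprint printed as "Current" so the previous binding can be restored.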