In my case I use CAPICOM to query the thumbprint from the certificate store and a sequence of registry updates to bind it.
For example, the VBScript appended below queries the local machine store for the thumbprint of a certificate issued from the RDP certificate template and binds it to the RDP listener.
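Option Explicit

' Binds a certificate issued from the "RDP Certificate" template to the RDP-Tcp
' listener and sets the listener to TLS (SecurityLayer = 2) with high
' encryption (MinEncryptionLevel = 3).
'
' Requirements and caveats:
'   * Must run elevated: it writes under HKLM.
'   * CAPICOM is a deprecated 32-bit COM component; where it is registered only
'     for 32-bit hosts, run this with the 32-bit cscript.exe.
'   * The account the Remote Desktop service runs as (NETWORK SERVICE by
'     default) needs read access to the certificate's private key, otherwise
'     the listener cannot use the certificate bound here.
'
' Error handling is deliberately local. A script-wide "On Error Resume Next"
' is dangerous here: when the condition of an If raises an error (for example
' reading Template.Name on a certificate that has no template extension),
' VBScript resumes INSIDE the If body, so an unrelated certificate would be
' treated as a match and bound to the listener.

Const CAPICOM_MY_STORE = "My"
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const RDP_TEMPLATE_NAME = "RDP Certificate"

Dim oCert, oStore, WshShell
Dim strKeyPath, strRDPThumb, dtBestExpiry, blnTakeIt

' CurrentControlSet always resolves to the control set that is in use;
' ControlSet001 is not guaranteed to be the active one.
strKeyPath = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"

Set WshShell = WScript.CreateObject("WScript.Shell")

On Error Resume Next
Set oStore = CreateObject("CAPICOM.Store")
If Err.Number <> 0 Then
    WScript.Echo "CAPICOM NOT FOUND"
    WScript.Quit 1
End If
oStore.Open CAPICOM_LOCAL_MACHINE_STORE, CAPICOM_MY_STORE, CAPICOM_STORE_OPEN_READ_ONLY
If Err.Number <> 0 Then
    WScript.Echo "Cannot open the local machine certificate store: " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' Pick exactly one certificate: issued from the RDP template, inside its
' validity period, with a private key. If several qualify, prefer the one
' that expires last so a renewed certificate wins over the one it replaces.
strRDPThumb = ""
For Each oCert In oStore.Certificates
    If InStr(1, GetTemplateName(oCert), RDP_TEMPLATE_NAME, vbTextCompare) > 0 Then
        If IsUsable(oCert) Then
            blnTakeIt = False
            If strRDPThumb = "" Then
                blnTakeIt = True
            ElseIf oCert.ValidToDate > dtBestExpiry Then
                blnTakeIt = True
            End If
            If blnTakeIt Then
                strRDPThumb = LCase(oCert.Thumbprint)
                dtBestExpiry = oCert.ValidToDate
            End If
        End If
    End If
Next

' The original tested IsNull() inside the loop; an unassigned variable is
' Empty, not Null, so the "not found" branch could never run.
If strRDPThumb = "" Then
    WScript.Echo "No Valid RDP Certificate Found"
    WScript.Quit 1
End If

' The thumbprint ends up on a command line, so accept only a SHA-1 hex string.
If Not IsSha1Hex(strRDPThumb) Then
    WScript.Echo "Unexpected thumbprint format: " & strRDPThumb
    WScript.Quit 1
End If

' Write the certificate hash first; only harden the listener settings once
' the binding itself succeeded. Every write is checked.
If RegAdd("SSLCertificateSHA1Hash", "REG_BINARY", strRDPThumb) <> 0 Then
    WScript.Echo "RegError"
    WScript.Quit 1
End If
If RegAdd("SecurityLayer", "REG_DWORD", "2") <> 0 Then
    WScript.Echo "RegError (SecurityLayer)"
    WScript.Quit 1
End If
If RegAdd("MinEncryptionLevel", "REG_DWORD", "3") <> 0 Then
    WScript.Echo "RegError (MinEncryptionLevel)"
    WScript.Quit 1
End If

WScript.Echo "Bound certificate " & strRDPThumb & " to RDP-Tcp"
WScript.Quit 0

' Returns the certificate template name, or "" when the certificate carries
' no template information (reading Template.Name raises in that case).
Function GetTemplateName(oCertificate)
    Dim sName
    sName = ""
    On Error Resume Next
    sName = Trim(oCertificate.Template.Name)
    If Err.Number <> 0 Then
        sName = ""
        Err.Clear
    End If
    On Error GoTo 0
    GetTemplateName = sName
End Function

' True when the certificate has a private key and the current time lies
' inside its validity period. Any error while querying counts as "not usable".
Function IsUsable(oCertificate)
    Dim blnOk
    blnOk = False
    On Error Resume Next
    If oCertificate.HasPrivateKey() Then
        If oCertificate.ValidFromDate <= Now Then
            If oCertificate.ValidToDate > Now Then
                blnOk = True
            End If
        End If
    End If
    If Err.Number <> 0 Then
        blnOk = False
        Err.Clear
    End If
    On Error GoTo 0
    IsUsable = blnOk
End Function

' True when sValue is exactly 40 hexadecimal characters (a SHA-1 thumbprint).
Function IsSha1Hex(sValue)
    Dim oRe
    Set oRe = New RegExp
    oRe.Pattern = "^[0-9a-fA-F]{40}$"
    IsSha1Hex = oRe.Test(sValue)
End Function

' Runs "reg.exe add" for one value under the listener key and returns the
' exit code (0 on success). reg.exe is started directly rather than through
' "cmd /c", so the command line is not parsed a second time by the shell.
Function RegAdd(sValueName, sType, sData)
    Dim sCmd
    sCmd = "reg.exe add " & Chr(34) & strKeyPath & Chr(34) & _
           " /v " & sValueName & " /t " & sType & " /d " & sData & " /f"
    RegAdd = WshShell.Run(sCmd, 1, True)
End Function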