• Status: Solved

Creating a different certificate for RD Remote App server

Hi Guys,
I've got a few Remote Desktop servers set up and connect through to them via URL to https://rdserver.domain.com/rdweb, however when I try to launch anything it shows that the certificate doesn't match and won't let me continue. The servers have self-signed certificates but these obviously show the internal address servername.domain.local.
Can I create a certificate to match what I need, and if so how, or is there another way around this?
Thanks
Netexperts
Asked:
 
Krzysztof Pytko, Active Directory Engineer, Commented:
Yes you can. But you need a CA server in your environment to fulfill these requirements.
 
Netexperts (Author) Commented:
I think our DC is a CA, is this just a case of creating a cert and exporting it?
 
Krzysztof Pytko, Active Directory Engineer, Commented:
Yup, try to request a WWW certificate then issue it to your server. I would try to prepare a doc if you need.
 
Netexperts (Author) Commented:
That would be great. Thanks
 
Netexperts (Author) Commented:
I think I managed to create and install a new certificate, as the RemoteApp page shows that it now has the external URL, however when I hit the landing page it says there is a certificate mismatch, and if I view the certificate it shows a different one to the one I created and installed to the RemoteApp server.
Does the /RDWEB landing page pick up its certificate from a different place (or do I also need to set it here)?
Hope this makes sense.
 
Krzysztof Pytko, Active Directory Engineer, Commented:
Check on the RD server in the certmgr.msc console whether there is only your newly generated certificate (without the self-signed one). Move yours into the place where the self-signed one is.
 
Netexperts (Author) Commented:
In certmgr.msc I can see the newly created certificate (for the external URL) and the local one (which shows on the landing page), but I can't see anything that shows which is self-signed. However, the internal one has a key symbol on it and the new one does not.
I've not used certmgr.msc before so sorry if I'm a bit vague.
 
Krzysztof Pytko, Active Directory Engineer, Commented:
OK, so let's export that local one and then we will remove it for tests. Right-click on it and choose Export, then follow the wizard.
 
Netexperts (Author) Commented:
OK, I've exported it. Should I now delete that cert from certmgr?
 
Krzysztof Pytko, Active Directory Engineer, Commented:
Yes, do it.
 
Netexperts (Author) Commented:
Done
 
Krzysztof Pytko, Active Directory Engineer, Commented:
OK, what results do you have?
 
Netexperts (Author) Commented:
Still have the same issue.
If I get to the landing page it shows the cert is issued by the TS server for the local TS address, but then when I log in and try an icon it shows certificate mismatch, and when I view the certificate it shows it's issued by the CA and for the external URL address (i.e. the correct one I created).
Hope this makes sense.
 
Krzysztof Pytko, Active Directory Engineer, Commented:
OK then, I would try to prepare a doc for you :)
 
Krzysztof Pytko, Active Directory Engineer, Commented:
Sorry for the delay. Busy day :/ So, try with this doc
cert.doc
 
Netexperts (Author) Commented:
That's worked, many thanks
 
Krzysztof Pytko, Active Directory Engineer, Commented:
You're welcome