Solved

Creating a different certificate for RD Remote App server

Posted on 2010-09-06
17
1,004 Views
Last Modified: 2012-05-10
Hi Guys,
I've got a few Remote Desktop servers set up and connect through to them via URL to https://rdserver.domain.com/rdweb however when i try to launch anything it shows that the certificate doesn't match and won't let me continue. The servers have self signed certificates but these obviously show the internal address servername.domain.local .
Can i create a certificate to match what i need and if so how or is there another way around this ?
Thanks
0
Comment
Question by:Netexperts
  • 9
  • 8
17 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610471
Yes you can. But you need CA server in your environment to fulfill these requirements.
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33610504
I Think our DC is a CA, is this just a case of creating a cert and exporting it ?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33610679
Yup, try to request a WWW certificate then issue it to your server. I would try to prepare a doc if you need.
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33610906
That would be great. Thanks
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33611435
I think i managed to create and install a new certificate as the RemoteApp page shows that it now has the external url however when i hit the landing page it says there is a certificate mismatch and if i view the certificate it shows a different one to the one i created and installed to the RemoteApp server.
Does the /RDWEB landing page pick up it's certificate from a different place (or do i also need to set it here ?
Hope this makes sense.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33611530
check on rd server in certmgr.msc console if there is only your newly generated certificate (without self signed) move yours into place where self-signed is
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33611641
In certmgr.msc i can see the newly created certificate (for the external URL) and the local one (which shows on the landing page) but i can't see anything that shows which is self-signed however the internal one has a key symbol on it and the new one does not.
I've not used certmgr.msc before so sorry if i'm a bit vague.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33611680
ok, so let's export that local one and then we will remove it for tests. Click on it right mouse button and choose export, then follow a wizard
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Author Comment

by:Netexperts
ID: 33611721
Ok, i've exported it. Should i now delete that cert from certmgr ?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33611747
yes, do it.
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33611774
Done
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33613195
OK, what results do you have?
0
 
LVL 1

Author Comment

by:Netexperts
ID: 33613293
Still have the same issue.
If i get to the landing page it shows the cert is issued by the TS server for the local TS address but then when i log in and try an icon it then shows certificate mismatch and when i view the certificate it shows it's issued by the CA and for the external URL address (i.e the correct one i created)
Hope this makes sense.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33615649
ok then, I would try to prepare a doc for you :)
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33618385
Sorry for delay. Busy day :/ So, try with this doc
cert.doc
0
 
LVL 1

Author Closing Comment

by:Netexperts
ID: 33640209
That's worked, many thanks
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33643762
You're welcome
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Recently, I was asked to look into SCCM 2007 by my employer, having a degree of experience of earlier versions of SMS and some previous SCCM knowledge I didn't expect the procedure to involve to much time. I read a number of guides concerning it…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now