How do I generate an SSL request with no IIS installed?

Hi,
I am trying to setup a new Windows 2008R2 RDS farm, but am having issues with the (seemingly) last part.  I have 1 server with RD Gateway, RD Connection Broker, RD Web, and RD Licensing, and 1 server with RD Session Host installled with the calculator app for testing purposes.  Everything works internally, however I do get an error message stating certificate mismatch for my RD Session Host server.  This makes sense, because it is a mismatch due to the fact that I've not generated an external SSL certificate for the server.  The question is, HOW do I generate a certificate request if I don't have IIS installed (it ONLY has the RD Session Host Role installed)?  I don't want to install IIS if I don't have to - but will if I HAVE to.  I added the Certificates snap-in via MMC, but there is no option within here to request a certificate request, like within IIS.  Am I missing something...?
PMGITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

IT-Monkey-DaveCommented:
I believe you can use certreq.exe at the command line to generate the certificate request, whether or not IIS is installed.

http://technet.microsoft.com/en-us/library/cc725793(WS.10).aspx

Alternatively, you could extract a similar utility from the OpenSSL tools for Windows and generate the request with that.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Krzysztof PytkoSenior Active Directory EngineerCommented:
Unfortunately you are unable to generate a certificate without IIS in your network. The only thing in this situation is to generate self signed SSL certificate but it also does not solve your problem. You can buy some cheap certificate from 3rd party or obtain a free one or just set up IIS in your environment.

Regards,
Krzysztof
IT-Monkey-DaveCommented:
I thought he asked how to generate a CSR, not a certificate.
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

PMGITAuthor Commented:
I did ask how to generate a CSR (reqeust), not a certificate (nuances, I know...).  I was just looking at the certreq.exe command line tool - that looks like a nightmare waiting to happen...
Does anyone know of any gui based cert request apps?  IT Monkey - I know you mentioned OpenSSL, but it looks like I would have to install some old C++ dist's to get that working - any other thoughts...?
IT-Monkey-DaveCommented:
The binary release of OpenSSL for Windows seems to be completely self-contained, not sure about also needing to install any old C++ stuff.

http://www.openssl.org/related/binaries.html

I agree certeq.exe is a little intimidating.  This might or might not help with that: http://technet.microsoft.com/en-us/library/cc736326(WS.10).aspx

PMGITAuthor Commented:
Thank you all.  I think I'm going to try to generate the request on another server, then install, then export, then import from the server that needs the cert - make sense?  I just read that this can be done (although have never personally tested it).  I will let you know how it goes.  IT-Monkey, since you answered the question first and correctly, I will award you the points.
Thanks!
IT-Monkey-DaveCommented:
Thanks, but not sure I really earned those points.  ;)
PMGITAuthor Commented:
sure you did!  
My question was How do I generate an SSL request with no IIS installed?
Your answer was certreq.exe - I didn't know that was an option, so indeed; you have enlightened me :-).
chome81Commented:
PMGIT, did your method of creating and exporting you cert on a different server with IIS work for you?  I'm in the same situation as you.  Looking for a solution.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.