PMGIT
asked on
How do I generate an SSL request with no IIS installed?
Hi,
I am trying to setup a new Windows 2008R2 RDS farm, but am having issues with the (seemingly) last part. I have 1 server with RD Gateway, RD Connection Broker, RD Web, and RD Licensing, and 1 server with RD Session Host installled with the calculator app for testing purposes. Everything works internally, however I do get an error message stating certificate mismatch for my RD Session Host server. This makes sense, because it is a mismatch due to the fact that I've not generated an external SSL certificate for the server. The question is, HOW do I generate a certificate request if I don't have IIS installed (it ONLY has the RD Session Host Role installed)? I don't want to install IIS if I don't have to - but will if I HAVE to. I added the Certificates snap-in via MMC, but there is no option within here to request a certificate request, like within IIS. Am I missing something...?
I am trying to setup a new Windows 2008R2 RDS farm, but am having issues with the (seemingly) last part. I have 1 server with RD Gateway, RD Connection Broker, RD Web, and RD Licensing, and 1 server with RD Session Host installled with the calculator app for testing purposes. Everything works internally, however I do get an error message stating certificate mismatch for my RD Session Host server. This makes sense, because it is a mismatch due to the fact that I've not generated an external SSL certificate for the server. The question is, HOW do I generate a certificate request if I don't have IIS installed (it ONLY has the RD Session Host Role installed)? I don't want to install IIS if I don't have to - but will if I HAVE to. I added the Certificates snap-in via MMC, but there is no option within here to request a certificate request, like within IIS. Am I missing something...?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I thought he asked how to generate a CSR, not a certificate.
ASKER
I did ask how to generate a CSR (reqeust), not a certificate (nuances, I know...). I was just looking at the certreq.exe command line tool - that looks like a nightmare waiting to happen...
Does anyone know of any gui based cert request apps? IT Monkey - I know you mentioned OpenSSL, but it looks like I would have to install some old C++ dist's to get that working - any other thoughts...?
Does anyone know of any gui based cert request apps? IT Monkey - I know you mentioned OpenSSL, but it looks like I would have to install some old C++ dist's to get that working - any other thoughts...?
The binary release of OpenSSL for Windows seems to be completely self-contained, not sure about also needing to install any old C++ stuff.
http://www.openssl.org/related/binaries.html
I agree certeq.exe is a little intimidating. This might or might not help with that: http://technet.microsoft.com/en-us/library/cc736326(WS.10).aspx
http://www.openssl.org/related/binaries.html
I agree certeq.exe is a little intimidating. This might or might not help with that: http://technet.microsoft.com/en-us/library/cc736326(WS.10).aspx
ASKER
Thank you all. I think I'm going to try to generate the request on another server, then install, then export, then import from the server that needs the cert - make sense? I just read that this can be done (although have never personally tested it). I will let you know how it goes. IT-Monkey, since you answered the question first and correctly, I will award you the points.
Thanks!
Thanks!
Thanks, but not sure I really earned those points. ;)
ASKER
sure you did!
My question was How do I generate an SSL request with no IIS installed?
Your answer was certreq.exe - I didn't know that was an option, so indeed; you have enlightened me :-).
My question was How do I generate an SSL request with no IIS installed?
Your answer was certreq.exe - I didn't know that was an option, so indeed; you have enlightened me :-).
PMGIT, did your method of creating and exporting you cert on a different server with IIS work for you? I'm in the same situation as you. Looking for a solution.
Regards,
Krzysztof