• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1417
  • Last Modified:

Remote desktop farm with wildcard cert

I have setup a remote desktop farm

Gateway: gateway.mydomain.org --> gw01.internal.local,gw02.internal.local
RD farm : farm.nlb.mydomain.org --> rd01.internal.local,rd02.internal.local,rd03.internal.local,rd04.internal.local

I have assigned a wildcard cert to all the remote desktop servers and the gateway servers but seem to have a little problem.

I get a cert error "Name mismatch"
requested remote computer
Name in the certificate from the remote computer

Do i need to buy another wildcard cert to use on the remote desktop servers or do i need to do some thing else ?
Can i wildcard cert not be used on child domains?
  • 2
1 Solution
dkSoftwareAuthor Commented:
Has no one faced this issue before ?
The problem is that the URl doesn't conform to the wildcard specification.

*.mydomain.org will match for server1.mydomain.org, thatcomputer.mydomain.org, otherserver.mydomain.org but does not match bobs.computer.mydomain.org.

A wildcard certificate can only use a wildcard for the leftmost entity of the host portion fo the URI and there can be no dots in that entity.  To match farm.nlb.mydomain.org you would need a certificate for *.nlb.mydomain.org which would then work for fram.nlb.mydomain.org, farm2.nlb.mydomain.org, etc.

To have a certificate that works for both gateway.mydomain.org and farm.nlb.mydomain.org you will need to get a SAN certificate that specifies those DNS names in the Subject Alternate Field and install that certificate on your servers instead.

Dave Dietz
dkSoftwareAuthor Commented:
Thank you very much for this.
This confirms my theory and I will purchase another wildcard cert. to solve my problem :)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now