Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Remote desktop farm with wildcard cert

Posted on 2011-03-13
3
Medium Priority
?
1,397 Views
Last Modified: 2013-11-21
Hi,
I have setup a remote desktop farm

Gateway: gateway.mydomain.org --> gw01.internal.local,gw02.internal.local
RD farm : farm.nlb.mydomain.org --> rd01.internal.local,rd02.internal.local,rd03.internal.local,rd04.internal.local

I have assigned a wildcard cert to all the remote desktop servers and the gateway servers but seem to have a little problem.

I get a cert error "Name mismatch"
requested remote computer
farm.nlb.mydomain.org
Name in the certificate from the remote computer
*.mydomain.org

Do i need to buy another wildcard cert to use on the remote desktop servers or do i need to do some thing else ?
Can i wildcard cert not be used on child domains?
0
Comment
Question by:dkSoftware
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Author Comment

by:dkSoftware
ID: 35126945
Has no one faced this issue before ?
0
 
LVL 34

Accepted Solution

by:
Dave_Dietz earned 2000 total points
ID: 35131135
The problem is that the URl doesn't conform to the wildcard specification.

*.mydomain.org will match for server1.mydomain.org, thatcomputer.mydomain.org, otherserver.mydomain.org but does not match bobs.computer.mydomain.org.

A wildcard certificate can only use a wildcard for the leftmost entity of the host portion fo the URI and there can be no dots in that entity.  To match farm.nlb.mydomain.org you would need a certificate for *.nlb.mydomain.org which would then work for fram.nlb.mydomain.org, farm2.nlb.mydomain.org, etc.

To have a certificate that works for both gateway.mydomain.org and farm.nlb.mydomain.org you will need to get a SAN certificate that specifies those DNS names in the Subject Alternate Field and install that certificate on your servers instead.

Dave Dietz
0
 

Author Comment

by:dkSoftware
ID: 35134133
Thank you very much for this.
This confirms my theory and I will purchase another wildcard cert. to solve my problem :)
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question