Link to home
Start Free TrialLog in
Avatar of InnovateAll
InnovateAllFlag for United States of America

asked on

Buying ssl for 2008 terminal server

I am purchasing an SSL cert for my 2008 terminal server (has a self signed currently) and was wondering how i should address it?
The outside address users connect to is mail.mydomain.com , however the machine name is ABC-TS

so do i need to purchase an ssl for abc-ts.mydomain.com  and keep the mail. the same or do i need to add an a record and have my users connect to abc-ts.mydomain.com
Or am i completely wrong and it needs to be addressed to my internal domain?

Thanks!
ASKER CERTIFIED SOLUTION
Avatar of Shmoid
Shmoid
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
No need to be sorry, but I'm afraid I must still respectively disagree.

It doesn't matter if the hostname and DNS names match. It is simply irrelevent. Further, if you are accessing a server from inside you would not go through the TS Gateway (unless perhaps an admin wanted to do something on the TS Gateway server) Even then, from the inside it would not use the SSL cert at all. RDP is encrypted natively. You can RDP to a brand new server with no certificates on it at all. That is not to say that it can't be setup for SSL but it is not by default and to turn it on both the host server and the client computer must be correctly configured for SSL/TLS to provide the enhanced security.

Since the original poster has closed this question I won't beat it to death.