InnovateAll
asked on
Buying ssl for 2008 terminal server
I am purchasing an SSL cert for my 2008 terminal server (has a self signed currently) and was wondering how i should address it?
The outside address users connect to is mail.mydomain.com , however the machine name is ABC-TS
so do i need to purchase an ssl for abc-ts.mydomain.com and keep the mail. the same or do i need to add an a record and have my users connect to abc-ts.mydomain.com
Or am i completely wrong and it needs to be addressed to my internal domain?
Thanks!
The outside address users connect to is mail.mydomain.com , however the machine name is ABC-TS
so do i need to purchase an ssl for abc-ts.mydomain.com and keep the mail. the same or do i need to add an a record and have my users connect to abc-ts.mydomain.com
Or am i completely wrong and it needs to be addressed to my internal domain?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It doesn't matter if the hostname and DNS names match. It is simply irrelevent. Further, if you are accessing a server from inside you would not go through the TS Gateway (unless perhaps an admin wanted to do something on the TS Gateway server) Even then, from the inside it would not use the SSL cert at all. RDP is encrypted natively. You can RDP to a brand new server with no certificates on it at all. That is not to say that it can't be setup for SSL but it is not by default and to turn it on both the host server and the client computer must be correctly configured for SSL/TLS to provide the enhanced security.
Since the original poster has closed this question I won't beat it to death.