SSL Certificate Required for SBS + Secondary Remote Desktop Server

Hey Experts,
I get very confused around the area of SSL Certificates and I am hoping someone can lend a hand and clear this up for me:

I need to know the SSL setup I must use for the following 2 server implementation:

SBS 2008 STD Server
Secondary 2008 R2 Server with Remote Desktop Services Installed

I have already set up the SBS2008 server with an SSL cert purchased from GoDaddy so that users can use RWW and Outlook Anywhere.
The certificate is a Standard (Turbo) SSL certificate.

1 year later, I now want to install remote desktop services on a secondary server so that I can serve up a third party application over Terminal Services and allow users to log into a session on the server instead of directly to their workstation.
I see that the Remote Desktop Services Role requires an SSL certificate.

So...

Do I have to buy another certificate for this?

If this was in the design phase (SBS2008 section had not been implemented yet) would there be a special SSL cert that could cover both servers?
IT101

ASKER

UPDATE:
What I want to achieve at the end of the day is:

Internal users can access RDWeb Apps and remote desktop connections to the Secondary Server from their internal PCs.
External users can log onto a remote desktop session on the Remote Desktop Secondary Server via SBS2008's RWW site from their external PCs.

To my knowledge... (which is very limited as I said before) the SSL cert will verify against the host.FQDN for my turbo SSL cert.
From the outside the user would use the host.FQDN which would point to the company's router and then get port forwarded to the SBS2008 server which holds the correct certificate. Therefore that connection would be valid to the cert and a secure connection would be created.
But where does the SSL cert come into play for the 2nd Server? I do not believe the same cert used on the SBS2008 server could be used as it's certified to the FQDN (wouldn't the RDGateway of the SBS2008 server be redirecting to the 2nd server using internal DNS names which therefore have nothing to do with that cert?)

:) As you can see... I need your help.
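
The name check the post above reasons about, as an added example that is not part of the original thread: a certificate is accepted for a connection only when one of its DNS names matches the name the client actually used. All host names below are constructed, and the multi-name and wildcard cases go beyond the single-name certificate described in the post.

```python
"""Added example: which connection names does a certificate cover?"""


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against the name the client connected to.

    Comparison is case-insensitive. A wildcard is honoured only as the whole
    left-most label and stands for exactly one label (the RFC 6125 rule).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard ("*.com" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, host):
    """True if any DNS name on the certificate matches the connection name."""
    return any(name_matches(n, host) for n in cert_names)


# Constructed names, standing in for the two servers in the question.
PUBLIC_FQDN = "remote.example.com"    # name on the existing single-name cert
SECOND_PUBLIC = "rds.example.com"     # hypothetical public name for server 2
INTERNAL = "rds01.corp.local"         # hypothetical internal DNS name
CLIENT_TARGETS = [PUBLIC_FQDN, SECOND_PUBLIC, INTERNAL, "RDS01"]

CERTS = {
    "single-name": [PUBLIC_FQDN],
    "multi-name (SAN)": [PUBLIC_FQDN, SECOND_PUBLIC],
    "wildcard": ["*.example.com"],
}


def report():
    """For each certificate, map every connection name to match / no match."""
    return {label: {host: cert_covers(names, host) for host in CLIENT_TARGETS}
            for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, result in report().items():
        print(label)
        for host, ok in result.items():
            print(f"  {host:22} {'match' if ok else 'NAME MISMATCH'}")
```
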
SOLUTION
Adam Brown

This solution is only available to members.
IT101

ASKER

Thanks for the prompt reply acbrown2010,
I wanted to keep to public certs so that there was no additional work to be performed on any external devices though.
My main confusion however is how to remote directly into a session on the second server via the RWW of the SBS server when a user is outside of the company.

Are there additional certificates that I need to set up for this?
I use a public CA cert on the SBS server which allows users to remotely connect to workstations in the domain.
How do I get the same functionality but where they can log into a session on the second server that has the remote desktop service role instead of relying on a workstation to be on at the time in the domain?
What certificate do I use on the second server to make this possible?

Do I have to scrap the whole idea of going through RWW? And instead create another Public SSL cert that points to the same IP but instead goes over another port and forwards to the second server on the internal subnet?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
IT101

ASKER

OK thanks,
I will have a go and update this post when I have more info.