We help IT Professionals succeed at work.

SSL Certs and TS Gateway

I am going to be creating an SSL Cert to handle my Exchange 2010 requirements, it is a SAN Cert thus can have up to 5 entries.  We are going to be implementing a Terminal Server Gateway (I have never done this before) and I wanted to know do I need to include an entry for the terminal server gateway, if I do what should the entry be (an example would be helpful).

The entries I need for Exchange to work properly are...
autodiscover.mydomain.com
connect.mydomain.com
mydomain.com

Please advise,

Thank you...
Comment
Watch Question

ShmoidSenior Engineer

Commented:
While you can use the SAN certificate for your TS Gateway it would not be best practice. It would be preferable to use a separate certificate for your TS Gateway. The additional entry should be whatever you want your users to specify when connecting remotely. Some suitable suggestions might be:

remote.domain.com

RDP.domain.com

TSG.domain.com

gateway.domain.com

But again, it could be anything you want. Don’t forget to create an external DNS entry for whatever name you choose.

Author

Commented:
Does that mean that if I wanted to, I could use the same thing I am going to use for Outlook web access?

In my case, that is connect.mydomain.com  OR should I use a totally separate entry as you suggested above.  The end result being...

mydomain.com
connect.mydomain.com (for Outlook Web and Outlook Anywhere)
gateway.mydomain.com (for Terminal Server Gateway)
autodiscover.mydomain.com (Exchange Autodiscover)

Please explain..
ShmoidSenior Engineer

Commented:
No, you wouldn't be able to use connect.mydomain.com for both because you need a DNS entry that points the name you choose to the TS Gateway server and connect.mydomain.com will point to your mail server. If you used the same name all traffic whether for mail or RDP would go to only one location.

Again, it would be best if you got a seperate certificate for your TS Gateway. It would not need to be a SAN cert so cost would be less than your SAN cert for exchagne.

Author

Commented:
Okay, so just to clarify one last time,

If I already have the SAN SSL Cert (which I do). I can add an entry on it called gateway.mydomain.com to provide SSL security to my TS-Server.

Correct.
Senior Engineer
Commented:
That is correct.

You will need to go to your provider and add the SAN and get a new cert and install it on the original server used to make the request then export it and install it on the TS-Gateway server.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.