
Certificate for computers in NLB

mikeydk asked

I have some Windows 2008 RDS servers in an NLB.

When the user logs on to a server (RDS.MYDOMAIN.LOCAL), the certificate from my PKI does not match (the server shows the SRV01.MYDOMAIN.LOCAL certificate, but the client thinks it's RDS.MYDOMAIN.LOCAL).

What kind of certificate should I use? (only internal) - Can I use my PKI for this certificate?


Senior Systems Admin
Top Expert 2010
You can (and have to) generate a PKI certificate for a .local domain name. For your situation, you would want to generate a wildcard or Subject Alternate Name (SAN) certificate for the server. http://technet.microsoft.com/en-us/library/ff625722%28WS.10%29.aspx can give you a little information on SANs. Wildcards are generated by building a CSR using *.mydomain.local as the CN for the certificate. A wildcard will work for any host and can be imported to all your servers, so it's easier to use.
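
The name check behind the mismatch in the question, and how the SAN and wildcard options in the answer resolve it, as an added example that is not part of the original thread. The matching rules are a simplified model of client behaviour (wildcard only as the whole leftmost label, covering one label; SAN entries take precedence over the CN), and `srv02` is an assumed second farm member.

```python
"""Simplified TLS-style name matching for the certificate options discussed above."""


def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against the name the client connected to.

    A wildcard is honoured only as the entire leftmost label and covers
    exactly one label (assumption: a simplified model of common clients).
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.local" never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(cert: dict, host: str) -> bool:
    """Check a host against the SAN DNS names, falling back to the CN if no SAN."""
    names = cert.get("san") or [cert["cn"]]
    return any(name_matches(n, host) for n in names)


# Constructed certificates for illustration; srv02 is an assumed host name.
PER_SERVER = {"cn": "srv01.mydomain.local", "san": []}
SAN_CERT = {
    "cn": "rds.mydomain.local",
    "san": ["rds.mydomain.local", "srv01.mydomain.local", "srv02.mydomain.local"],
}
WILDCARD = {"cn": "*.mydomain.local", "san": []}


def coverage(hosts):
    """Return {certificate label: {host: covered?}} for the three options."""
    certs = {"per-server": PER_SERVER, "san": SAN_CERT, "wildcard": WILDCARD}
    return {label: {h: cert_covers(c, h) for h in hosts} for label, c in certs.items()}


if __name__ == "__main__":
    hosts = ["rds.mydomain.local", "srv01.mydomain.local", "a.b.mydomain.local"]
    for label, result in coverage(hosts).items():
        print(label, result)
```

The wildcard certificate's key is accepted for every single-label host name under the domain, while the SAN certificate's key is accepted only for the names listed in it.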