siggjen
asked on
Remote desktop session host shows old self signed SSL certificate instead of SAN certificate
I am setting up a remote desktop solution on Windows Server 2008 R2 for external and internal access.
ssl.greenreefers.no running Remote Desktop Web Access and Gateway.
bgo-vm-116.greenreefers.no running Remote Desktop Connection Manager and Session host.
Port 443 is forwarded to ssl in the firewall.
All servers are joined to active directory.
When everything is working a 2-factor authentication solution will be added.
The problem I am facing is a self signed ssl certificate on the session host.
When things started working as intended I applied for an EV SAN certificate from GeoTrust issued to ssl.greenreefers.no, with bgo-vm-116.greenreefers.no among others added as subject alternate name. This certificate has been set up on the IIS, and the gateway running on ssl, and is working. It has also been exported from ssl and imported to the computer account on bgo-vm-116. Then it was added to connection manager and session host on bgo-vm-116. But the remote app/desktop is still signed by the old self-signed certificate when I open it. Internally it is working because the self signed certificate is trusted in the domain.
ssl.greenreefers.no running Remote Desktop Web Access and Gateway.
bgo-vm-116.greenreefers.no
Port 443 is forwarded to ssl in the firewall.
All servers are joined to active directory.
When everything is working a 2-factor authentication solution will be added.
The problem I am facing is a self signed ssl certificate on the session host.
When things started working as intended I applied for an EV SAN certificate from GeoTrust issued to ssl.greenreefers.no, with bgo-vm-116.greenreefers.no
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Have you installed the certificate on the session host?
ASKER
Yes, and I have selected it in the rdsh and rdcm tool.
Can you post screenshot of the certificate selection in Remote Desktop Session Host tool? I don't understand how you can say that it is selected and also that there are no certificates installed.
ASKER
Take a look at the Certificate Store for the computer. The GeoTrust certificate should be in the Personal store. Can you grab a screenshot of the Personal store under Certificates (Local Computer)? You normally get there by starting mmc.exe, and then add the Certificates snap-in.
That looks right. Have you rebooted since the certificate was installed?
ASKER
I have now rebooted and was again presented the self signed certificate when I tried to open something from the RDWeb page.
ASKER
I couldn't select the GeoTrust certificate in RDSH config tool either
ASKER
I needed to change the SAN certificate because I added another Subject Alternate Name to it. When it was imported properly I was able to select the certificate and now it works. Thank you very much for the help.
ASKER