Solved

Installing SSL on my RDP server

Posted on 2013-11-11
10
576 Views
Last Modified: 2013-11-11
I need to install an SSL certificate on my RDP server, however it seems like its needs a domain associated with it. I have no domain except my local domain. I assume I would just be using my WAN IP.

Mydomain.local

1) Is the lack of a domain name pointing to my server going to cause issues for me.

2) Do I just purchase a ticket from Godaddy and that will encrypt my RDP server?
0
Comment
Question by:cnl83
  • 4
  • 4
  • 2
10 Comments
 
LVL 6

Expert Comment

by:RaithZ
ID: 39640446
1. for SSL as long as the certificate is signed by one of the recognized SSL providers it doesn't matter what domain the certificate is for, as long as it matches the address that you are connecting to.  If it does not match, you will get a message when connecting via RDP that the certificate does not match.  You should still be able to click through this and connect, and your traffic will be encrypted regardless of the message.

2. Not all providers will provide certificates for .local domain's.  In the past I have purchased certs for local domains through www.digicert.com and networksolutions.com   I don't know if Godaddy will provide SSL certs for .local domains since they are unable to verify that they exist or that you own it.
0
 
LVL 9

Accepted Solution

by:
guswebb earned 500 total points
ID: 39640447
You should first of all have a domain name and point it at your IP, then you can get a certificate and secure your RDP server, or whatever else you might publish via the domain name.
0
 

Author Comment

by:cnl83
ID: 39640470
I don't want any kind of web traffic. I don't want to setup a web server or anything like that.
0
 
LVL 9

Expert Comment

by:guswebb
ID: 39640479
If I understand correctly you want to make your server accessible to external connections using its IP address and for this to be secured by a SSL certificate. In order to do this you would need your IP address available externally and to accept traffic from the web on port 3389. This doesn't require the setting up of a web server. However, to configure an SSL certificate on your server (either installed on your firewall if using something like TMG, or on a Terminal Services Gateway), your external IP address will need to resolve to a domain name. That doesn't mean that you have to run a website, publish any content on port 80, or receive any kind of web traffic (other than the RDP traffic), just that the domain name will resolve to your external IP and thus allow you to purchase a certificate as per your requirement.
0
 

Author Comment

by:cnl83
ID: 39640496
I have a SONICWALL firewall. Your saying I can install the ssl there?
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 9

Expert Comment

by:guswebb
ID: 39640507
I'm not familiar with Sonicwall firewalls but I believe you can, yes.
0
 
LVL 6

Expert Comment

by:RaithZ
ID: 39640538
You would want to install the SSL on the machine that is being connected to (the RDP server), regardless of how you get there.  Installing it on the firewall itself will not help secure the connection to the RDP server.
0
 

Author Comment

by:cnl83
ID: 39640603
GEOSTRUST doesnt support internal domain names.
geotust.jpg
0
 

Author Closing Comment

by:cnl83
ID: 39640702
Ok, so I tried verisign's trial certificate but the configuration issue with a real domain seems to come up, so my first fear is confirmed. That took me down rabbit holes that go to far.
0
 
LVL 9

Expert Comment

by:guswebb
ID: 39640867
That is why I advised you that you will need a domain name. That doesn't mean you need a web server or to accommodate lots of web traffic.
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPO Delegation 4 29
Undo a Print Server Setup 5 71
equivalent of Enterprise 2008R2 OS edition in 2016 2 25
F5 SSL Sticky Load Balancing Question 3 25
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now