Solved

Windows 2008 R2 RDS how to replace self signed SSL certificate with a 3rd party certificate

Posted on 2014-04-16
Last Modified: 2015-03-24
I have a single 2008 R2 server configured with all the RDS roles and a self signed SSL certificate.
It's working fine but I would like to replace the self signed certificate with a third party one.
(So users can connect seamlessly)
Looking for a step by step guide or at least a short description of the steps from someone who's done it before.
Question by:George Kesler

Expert Comment

by:Mahesh
ID: 40005840
In order to get a public certificate, you have to have a registered domain name on the Internet first. (This is a mandatory step, otherwise public certificate authorities won't give you a cert.)

If your domain name is already registered on the Internet, you can get a public SSL certificate from a 3rd party.
If your server is published on the Internet, you need to create a Host (A) record in public DNS for which you can get the public SSL cert.
Also, in internal DNS, you need to create a DNS zone with the same name as the public domain name and create a Host (A) record which points to the RDS server's private IP.

The part below is applicable only if the server is used as an RD gateway server.

Also, if you are using a public SSL cert on the RDS server and you are using the server as an RD gateway server, then you still require a self-signed \ certificate from internal CA on all internal servers to which you are connecting with the RD gateway server, because their host names have a non-public domain FQDN.

I am not sure if you are using split DNS (the same domain name that is used internally is already registered on the Internet).
In that case you can have a single public SSL cert from a public CA.
However, if you are using the RDS server as an RD gateway, then you must add all server hostnames that you are accessing from the RD gateway server to the public SSL certificate (SAN certificate) to avoid certificate errors
OR
you can simply use a wildcard certificate and install it on all servers you are accessing through the RD gateway.

Note that in the case of an RD gateway server you need to install the cert on all servers which you are accessing.

Mahesh.

Author Comment

by:George Kesler
ID: 40006391
Thanks Mahesh, this part I (mostly) knew already.
What is the actual procedure of requesting the certificate on the RDS server?

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40006868
So if there is an IIS instance installed on the terminal server, you can generate the request from IIS itself
OR
on the terminal server you can open a custom MMC console, load the local computer certificate Personal store there, and from there request a new certificate with a custom request, save the request to a file and send that file to the 3rd party certificate vendor.
Note that with the MMC method you need to select the certificate Enhanced Key Usage as Server Authentication.
He will provide you the new certificate.
http://vstepic.blogspot.in/2011/12/how-to-request-san-certificate-using.html

Mahesh
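
The custom request described in the accepted answer can also be produced from the command line with certreq.exe, which makes the Server Authentication EKU and the SAN entry explicit and checkable before the file goes to the vendor. This is an added example, not part of the original thread; the host name `rds.example.com`, the `C:\certs` folder and the file names are placeholders.

```powershell
# Added example: build the certificate request (CSR) on the RDS server itself,
# so the private key is generated in, and never leaves, the local computer store.
$fqdn    = 'rds.example.com'   # placeholder: the public name users connect to
$workDir = 'C:\certs'          # placeholder working folder
$inf     = Join-Path $workDir 'rds-request.inf'
$csr     = Join-Path $workDir 'rds-request.csr'

if (-not (Test-Path $workDir)) { New-Item -ItemType Directory -Path $workDir | Out-Null }

# Request policy: 2048-bit RSA key in the machine store, Server Authentication
# EKU (OID 1.3.6.1.5.5.7.3.1) and a SAN entry that matches the subject name.
# Exportable = FALSE keeps the key on this server; set it to TRUE only if the
# same certificate must be exported to other servers.
$policy = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=${fqdn}"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=${fqdn}&"
"@
Set-Content -Path $inf -Value $policy -Encoding ASCII

# Generate the key pair and write the PKCS#10 request file for the vendor.
& certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Check the request before sending it: both lines should appear in the dump.
& certutil.exe -dump $csr | Select-String 'Server Authentication', 'DNS Name'

# When the vendor returns the issued certificate, complete the pending request
# on this same server (placeholder file name):
#   certreq.exe -accept C:\certs\rds.example.com.cer
```

The issued certificate has to be accepted on the server that generated the request, because that is where the matching private key is stored.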