Solved

Windows 2008 R2 RDS how to replace self signed SSL certificate with a 3rd party certificate

Posted on 2014-04-16
Last Modified: 2015-03-24
I have a single 2008 R2 server configured with all the RDS roles and a self signed SSL certificate.
It's working fine but I would like to replace the self signed certificate with a third party one.
(So users can connect seamlessly)
Looking for a step by step guide or at least a short description of the steps from someone who's done it before.
Question by:George Kesler
3 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 40005840
In order to get a public certificate, you must first have a registered domain name on the internet. (This is a mandatory step; otherwise public certificate authorities won't give you a cert.)

If your domain name is already registered on the internet, you can get a public SSL certificate from a 3rd party.
If your server is published on the internet, you need to create a Host (A) record in public DNS, for which you can get the public SSL cert.
Also, in internal DNS, you need to create a DNS zone with the same name as the public domain name and create a Host (A) record that points to the RDS server's private IP.

The part below is applicable only if the server is used as an RD Gateway server.

Also, if you use a public SSL cert on the RDS server and you are using the server as an RD Gateway server, then you still require a self-signed certificate or a certificate from an internal CA on all internal servers to which you are connecting through the RD Gateway server, because their host names have non-public domain FQDNs.

I am not sure if you are using split DNS (the same domain name that is used internally is already registered on the internet).
In that case you can have a single public SSL cert from a public CA.
However, if you are using the RDS server as an RD Gateway, then you must add all server host names that you are accessing from the RD Gateway servers to the public SSL certificate (SAN certificate) to avoid certificate errors
OR
you can simply use a wildcard certificate and install it on all servers you are accessing through the RD Gateway.

Note that in the case of an RD Gateway server you need to install the cert on all servers which you are accessing.

Mahesh.
0
 
LVL 3

Author Comment

by:George Kesler
ID: 40006391
Thanks Mahesh, this part I (mostly) knew already.
What is the actual procedure of requesting the certificate on the RDS server?
0
 
LVL 37

Accepted Solution

by:Mahesh
ID: 40006868
So if there is an IIS instance installed on the terminal server, you can generate the request from IIS itself
OR
on the terminal server you can open a custom MMC console, load the local computer certificate Personal store there, and from there request a new certificate with a custom request, save the request to a file, and send that file to the 3rd party certificate vendor.
Note that with the MMC method you need to select the certificate enhanced key usage as Server Authentication.
They will provide you with the new certificate.
http://vstepic.blogspot.in/2011/12/how-to-request-san-certificate-using.html

Mahesh
0
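The custom request described in the accepted answer can also be generated from the command line with certreq.exe instead of the MMC wizard. The script below is an added example, not part of the original thread: the host names, folder and file names are constructed placeholders, and it assumes an elevated PowerShell session on the RDS server.

```powershell
# Added example (not from the thread). All names below are placeholders.
$subject  = 'rds.example.com'                            # public FQDN users connect to
$sanNames = @('rds.example.com', 'gateway.example.com')  # SAN entries for the cert
$workDir  = 'C:\CertRequest'                             # hypothetical working folder

New-Item -ItemType Directory -Path $workDir -Force | Out-Null
$infPath = Join-Path $workDir 'rds-request.inf'
$csrPath = Join-Path $workDir 'rds-request.csr'

# Subject Alternative Name extension (OID 2.5.29.17) in certreq's {text} form.
$sanLines  = @('2.5.29.17 = "{text}"')
$sanLines += $sanNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }
$sanBlock  = $sanLines -join "`r`n"

# MachineKeySet = TRUE puts the private key in the local computer store.
# KeyUsage 0xA0 = digital signature + key encipherment.
# Exportable = FALSE keeps the key on this server; set TRUE only if the same
# certificate must be installed on other servers (wildcard/SAN scenario).
# EKU 1.3.6.1.5.5.7.3.1 = Server Authentication, as the answer requires.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$subject"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
$sanBlock
"@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }
certutil.exe -dump $csrPath   # review Subject, SAN and EKU before submitting
# After the CA issues the certificate (placeholder file name), bind it to the key:
#   certreq.exe -accept C:\CertRequest\rds-issued.cer
```

The private key never leaves the server; only the .csr file is sent to the certificate vendor, and `certreq -accept` must be run on the same machine that generated the request.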

Question has a verified solution.
