
Windows 2008 R2 RDS how to replace self signed SSL certificate with a 3rd party certificate

Posted on 2014-04-16
Last Modified: 2015-03-24
I have a single 2008 R2 server configured with all the RDS roles and a self signed SSL certificate.
It's working fine but I would like to replace the self signed certificate with a third party one.
(So users can connect seamlessly)
Looking for a step by step guide or at least a short description of the steps from someone who's done it before.
Question by:George Kesler
 
LVL 38

Expert Comment

by:Mahesh
ID: 40005840
In order to get a public certificate, you first have to have a registered domain name on the internet. (This is a mandatory step; otherwise public certificate authorities won't give you a cert.)

If your domain name is already registered on the internet, you can get a public SSL certificate from a 3rd party.
If your server is published on the internet, you need to create a Host (A) record in public DNS, for which you can get a public SSL cert.
Also, in internal DNS, you need to create a DNS zone with the same name as the public domain name and create a Host (A) record which will point to the RDS server's private IP.

The part below is applicable only if the server is used as an RD Gateway server.

Also, if you use a public SSL cert on the RDS server and you are using the server as an RD Gateway server, then you still require a self-signed certificate or a certificate from an internal CA on all internal servers to which you are connecting through the RD Gateway server, because their host names have non-public domain FQDNs.

I am not sure if you are using split DNS (the same domain name that is used internally is already registered on the internet).
In that case you can have a single public SSL cert from a public CA.
However, if you are using the RDS server as an RD Gateway, then you must add all server host names that you are accessing from the RD Gateway server to the public SSL certificate (SAN certificate) to avoid certificate errors
OR
You can simply use a wildcard certificate and install it on all servers you are accessing through the RD Gateway.

Note that in the case of an RD Gateway server you need to install the cert on all servers which you are accessing.

Mahesh.
 
LVL 3

Author Comment

by:George Kesler
ID: 40006391
Thanks Mahesh, this part I (mostly) knew already.
What is the actual procedure of requesting the certificate on the RDS server?
 
LVL 38

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40006868
So if there is an IIS instance installed on the terminal server, you can generate the request from IIS itself
OR
On the terminal server you can open a custom MMC console, load the local computer certificate Personal store there, and from there request a new certificate with a custom request, save the request to a file and send that file to the 3rd party certificate vendor.
Note that with the MMC method you need to select the certificate enhanced key usage as Server Authentication.
He will provide you with the new certificate.
http://vstepic.blogspot.in/2011/12/how-to-request-san-certificate-using.html

Mahesh
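
The custom request described in the accepted answer can also be generated from the command line with certreq.exe. The script below is an added example, not part of the original thread; the FQDN `rds.example.com` and the `C:\certreq` paths are placeholders chosen for illustration.

```powershell
# Added example: command-line equivalent of the MMC "custom request" described above.
# Run in an elevated PowerShell prompt on the RDS server.
# Assumptions (not from the thread): the FQDN rds.example.com and the C:\certreq paths.

$fqdn    = 'rds.example.com'       # placeholder: the public name users connect to
$workDir = 'C:\certreq'            # placeholder working folder
$inf     = Join-Path $workDir 'rds.inf'
$csr     = Join-Path $workDir 'rds.req'

if (-not (Test-Path $workDir)) { New-Item -ItemType Directory -Path $workDir | Out-Null }

# Request policy: machine key store, non-exportable 2048-bit RSA key,
# PKCS#10 output, EKU restricted to Server Authentication (1.3.6.1.5.5.7.3.1).
$policy = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$fqdn"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@
Set-Content -Path $inf -Value $policy -Encoding ASCII

# Generate the key pair and the request file; the private key stays on this server.
certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# Check the request before sending it: subject and EKU should match the policy.
certutil.exe -dump $csr | Select-String -Pattern 'CN=', 'Server Authentication'

# After the vendor returns the signed certificate (path is a placeholder), bind it
# to the pending private key in the Local Computer\Personal store:
#   certreq.exe -accept C:\certreq\rds.cer
```

Because `Exportable = FALSE` keeps the private key on the server that generated the request, the returned certificate has to be accepted on that same server.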
Question has a verified solution.
