Windows 2008 R2 RDS how to replace self signed SSL certificate with a 3rd party certificate

I have a single 2008 R2 server configured with all the RDS roles and a self signed SSL certificate.
It's working fine but I would like to replace the self signed certificate with a third party one.
(So users can connect seamlessly)
Looking for a step by step guide or at least a short description of the steps from someone who's done it before.
George Kesler asked:
 
Mahesh (Architect) commented:
If there is an IIS instance installed on the terminal server, you can generate the request from IIS itself
OR
On the terminal server you can open a custom MMC console, load the local computer certificate Personal store there, and from there request a new certificate with a custom request, save the request to a file and send that file to the 3rd party certificate vendor
Note that with the MMC method you need to select the certificate enhanced key usage as Server Authentication
They will provide you with the new certificate
http://vstepic.blogspot.in/2011/12/how-to-request-san-certificate-using.html

Mahesh
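
The custom request described in the answer above can also be built from an elevated PowerShell prompt with the built-in `certreq.exe` instead of the MMC wizard. This is an added example, not part of the original thread; `rds.example.com` and the file names `rds.inf`, `rds.csr` and `rds.cer` are placeholders.

```powershell
# Added example: swap in the public FQDN users connect to (placeholder below).
$Fqdn = 'rds.example.com'

function New-RdsCsr([string]$Name, [string]$Dir = (Get-Location).Path) {
    # Single-quoted here-string so "$Windows NT$" is not expanded by PowerShell.
    $inf = @'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=__FQDN__"
KeyLength = 2048
KeySpec = 1              ; AT_KEYEXCHANGE
KeyUsage = 0xA0          ; digital signature + key encipherment
Exportable = FALSE
MachineKeySet = TRUE     ; key lives in the Local Computer store
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1  ; Server Authentication

[Extensions]
; 2.5.29.17 = subject alternative name
2.5.29.17 = "{text}"
_continue_ = "dns=__FQDN__&"
'@
    $infPath = Join-Path $Dir 'rds.inf'
    $csrPath = Join-Path $Dir 'rds.csr'
    $inf.Replace('__FQDN__', $Name) | Set-Content -Path $infPath -Encoding ASCII
    & certreq.exe -new $infPath $csrPath | Out-Host   # private key never leaves this server
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }
    return $csrPath                                   # this file goes to the certificate vendor
}

function Test-RdsCert([string]$Name) {
    # Run after "certreq.exe -accept rds.cer" has installed the vendor's certificate.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$Name*" -and $_.Issuer -ne $_.Subject } |  # skip self-signed
        ForEach-Object {
            $cert = $_
            $oids = @($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
                      ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
            New-Object PSObject -Property @{ Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey; ServerAuthEku = ($oids -contains '1.3.6.1.5.5.7.3.1') }
        }
}

New-RdsCsr $Fqdn
```

Once the vendor returns the certificate, `certreq.exe -accept rds.cer` pairs it with the pending private key, and `Test-RdsCert $Fqdn` should then report `HasPrivateKey` and `ServerAuthEku` as True for it.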
 
Mahesh (Architect) commented:
In order to get a public certificate, you have to have a registered domain name on the internet first. (This is a mandatory step, otherwise public certificate authorities won't give you a cert)

If your domain name is already registered on the internet, you can get a public SSL certificate from a 3rd party
If your server is published on the internet, you need to create a Host (A) record in public DNS, for which you can get the public SSL cert
Also, in internal DNS, you need to create a DNS zone with the same name as the public domain name and create a Host (A) record which points to the RDS server's private IP

The part below is applicable only if the server is used as an RD Gateway server

Also, if you use a public SSL cert on the RDS server and you are using the server as an RD Gateway server, then you still require a self-signed certificate / certificate from an internal CA on all internal servers to which you are connecting through the RD Gateway server, because their host names have a non-public domain FQDN

I am not sure if you are using split DNS (the same domain name that is used internally is already registered on the internet)
In that case you can have a single public SSL cert from a public CA
However, if you are using the RDS server as an RD Gateway, then you must add all server hostnames that you are accessing from the RD Gateway server to the public SSL certificate (SAN certificate) to avoid certificate errors
OR
You can simply use a wildcard certificate and install it on all servers you are accessing through the RD Gateway

Note that in the case of an RD Gateway server you need to install the cert on all servers which you are accessing

Mahesh.
 
George Kesler (Author) commented:
Thanks Mahesh, this part I (mostly) knew already.
What is the actual procedure of requesting the certificate on the RDS server?
Question has a verified solution.