Solved

Windows 2008 R2 RDS how to replace self signed SSL certificate with a 3rd party certificate

Posted on 2014-04-16
Last Modified: 2015-03-24
I have a single 2008 R2 server configured with all the RDS roles and a self-signed SSL certificate.
It's working fine, but I would like to replace the self-signed certificate with a third-party one
(so users can connect seamlessly).
Looking for a step by step guide or at least a short description of the steps from someone who's done it before.
Question by:George Kesler

Expert Comment

by:Mahesh
ID: 40005840
In order to get a public certificate, you first have to have a domain name registered on the internet. (This is a mandatory step; otherwise public certificate authorities won't give you a cert.)

If your domain name is already registered on the internet, you can get a public SSL certificate from a 3rd party.
If your server is published on the internet, you need to create a Host (A) record in public DNS for which you can get the public SSL cert.
Also, in internal DNS, you need to create a DNS zone with the same name as the public domain name and create a Host (A) record that points to the RDS server's private IP.

The part below is applicable only if the server is used as an RD Gateway server.

Also, if you use a public SSL cert on the RDS server and you are using the server as an RD Gateway server, then you still require a self-signed / internal CA certificate on all internal servers to which you are connecting with the RD Gateway server, because their host names have non-public domain FQDNs.

I am not sure if you are using split DNS (the same domain name that is used internally is already registered on the internet).
In that case you can have a single public SSL cert from a public CA.
However, if you are using the RDS server as an RD Gateway, then you must add all server host names that you are accessing from the RD Gateway server to the public SSL certificate (SAN certificate) to avoid certificate errors
OR
You can simply use a wildcard certificate and install it on all servers you are accessing through the RD Gateway.

Note that in the case of an RD Gateway server you need to install the cert on all servers which you are accessing.

Mahesh.

Author Comment

by:George Kesler
ID: 40006391
Thanks Mahesh, this part I (mostly) knew already.
What is the actual procedure of requesting the certificate on the RDS server?

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40006868
So if there is an IIS instance installed on the terminal server, you can generate the request from IIS itself
OR
On the terminal server you can open a custom MMC console, load the local computer certificate Personal store there, and from there request a new certificate with a custom request, save the request to a file and send that file to the 3rd party certificate vendor.
Note that with the MMC method you need to select the certificate enhanced key usage as Server Authentication.
The vendor will provide you with the new certificate.
http://vstepic.blogspot.in/2011/12/how-to-request-san-certificate-using.html

Mahesh
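
The custom-request route described in the accepted answer can also be done from the command line with certreq.exe, which ships with Windows. The following is an added example, not part of the original thread; the host names and file names are placeholders chosen for illustration.

```powershell
# Added example: build a PKCS#10 request for the RDS server with certreq.exe.
# Host names and file names are placeholders (assumptions), not values from the thread.
$subject  = 'rds.example.com'                          # public FQDN users connect to
$sanNames = @('rds.example.com', 'gateway.example.com')

# SAN extension lines; each dns= entry ends with '&' in certreq's {text} syntax
$sanLines = ($sanNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"

$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$subject"
KeyLength = 2048
KeySpec = 1                ; AT_KEYEXCHANGE
KeyUsage = 0xa0            ; digital signature + key encipherment
MachineKeySet = TRUE       ; key is created in the local computer store
Exportable = FALSE         ; TRUE only if the same key must be copied to other servers
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1    ; Server Authentication

[Extensions]
2.5.29.17 = "{text}"
$sanLines
"@

Set-Content -Path .\rds-request.inf -Value $inf -Encoding ASCII

# Run from an elevated prompt: MachineKeySet needs administrator rights
certreq.exe -new .\rds-request.inf .\rds-request.req

# Check the request before sending it to the vendor: confirm the Subject
# Alternative Name entries and "Server Authentication" under Enhanced Key Usage
certutil.exe -dump .\rds-request.req

# After the vendor returns the signed certificate (file name is a placeholder),
# complete the pending request on the same server that holds the private key:
# certreq.exe -accept .\rds.example.com.cer
```

The private key never leaves the server in this flow; only the .req file is sent to the certificate vendor.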