wahrani16

Configure RDS 2012 Access with certificates

Hello,

I have installed:

3 RDS 2012 Servers

- SRV-RDS1.test.local
- SRV-RDS2.test.local
- SRV-RDS3.test.local

2 Brokers
- SRV-BROKER1
- SRV-BROKER2

1 SQL Server
- SRV-SQL

1 RD web and RD Gateway on same server

- SRV-RDSGW

When I connect from local I use the name farm.test.local to connect to the brokers, which redirect me to RDS1, RDS2 or RDS3. All works well.

Now I am fighting to configure certificates and I need some help please.

I would like to connect to the farm through the RD Gateway.

I'd like to use the external name: farm.test.com

How many certificates do I need?

I heard that the certification authority doesn't deliver certificates for .local domains.

Thank you very much.
bmurray-vb

1 certificate. If you are using farm.test.com and do not create an internal authoritative DNS zone, then even when on the inside of the network, machines will connect to the external name (which I assume you will NAT through a firewall of some kind). A simple name certificate is all that is required, requested by, and installed on the RD Gateway server through IIS.
wahrani16

ASKER

Hi, thank you for your help. I will try to explain my problem.

Actually, here's what I have in the RDS certificate settings:
the CN is farm.test.com

A CSR was generated from the RD Gateway server (on IIS) for the common name farm.test.com.
I have used the StartSSL certificate authority and I have placed the answer in the RD Gateway settings.

Actually, when I try to connect to the RD Gateway and specify farm.test.com, I can connect but I get a lot of warnings:

The 1st one concerns the name farm.test.local (it's the DNS name for the RR for the brokers).

The 2nd one concerns the name of the connection broker itself, SRV-BROKER1.test.local.

The 3rd one concerns the name of one of the RDS servers, for example SRV-RDS1.test.local.

After clicking Yes and connecting, I am able to access the remote desktop.

- I think that it's a certificate issue for SSO etc. Maybe I need a wildcard certificate?
- I have read a lot of documents but I am not familiar with wildcard certificates.
- Will I use an internal authority to protect the local domains?

Thank you very much and to summon up one's patience
sorry for my English too :)
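
The names in the three warnings described in the post above are exactly the ones a certificate issued only for farm.test.com does not cover. The following is an added example, not part of the original thread: it applies standard TLS name matching to the host names from the post; the certificate name sets and function names are constructed for illustration.

```python
# Added example: TLS-style name matching for the host names in this thread.
# A name matches exactly, or through "*" standing for ONE left-most label.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if a certificate name (CN/SAN entry) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # refuse overly broad patterns such as "*.com"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Hosts that none of the certificate's names cover (these would warn)."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Names taken from the thread: the external name, then the three names
# quoted in the warnings.
HOSTS = [
    "farm.test.com",
    "farm.test.local",
    "SRV-BROKER1.test.local",
    "SRV-RDS1.test.local",
]

# Constructed certificate name sets (assumptions, not real certificates).
CANDIDATES = {
    "single name farm.test.com": ["farm.test.com"],
    "public wildcard *.test.com": ["*.test.com"],
    "internal wildcard *.test.local": ["*.test.local"],
}


def report():
    """Map each candidate certificate to the thread host names it misses."""
    return {label: uncovered(names, HOSTS)
            for label, names in CANDIDATES.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:32} uncovered: {missing or 'none'}")
```

A wildcard for test.com covers no more of these names than the single-name certificate does; only a certificate carrying names in test.local matches the three internal host names.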
Ryan Mangan

Hi, have a look at the following article which shows how to configure Certificate services for RDS 2012:

http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/ 

You can use certificates from an internal certificate authority if you have one, or a third party.

Best regards,

Ryan
ASKER CERTIFIED SOLUTION
wahrani16

Found by myself.
Regards,