• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 660
  • Last Modified:

Configure RDS 2012 Access with certificates

Hello,

I have installed :

3 RDS 2012 Servers

- SRV-RDS1.test.local
- SRV-RDS2.test.local
- SRV-RDS3.test.local

2 Brokers
- SRV-BROKER1
- SRV-BROKER2

1 SQL Server
- SRV-SQL

1 RD web and RD Gateway on same server

- SRV-RDSGW
When I connect from local I use the name farm.test.local to connect to brokers who redirect me to RDS1 RDS2 or RDS3. All works good.

Now I am fighting to configure certificate and I need some help please.

I would like to connect to farm trough the RD Gateway.

I'd like to use the external name : farm.test.com

How many certificates I need ?

I heard about the certification authority doesn't deliver certificate for . local domains.


Thank you very much.
0
wahrani16
Asked:
wahrani16
  • 3
1 Solution
 
bmurray-vbCommented:
1 Certificate, if you are using farm.test.com and do not create an internal authoritative DNS zone then even when on the inside of the network, machines will connect to the external name (which I assume you will NAT through a firewall of some kind).   A simple name certificate is all that is required, requested by, and installed on the RD Gateway server through IIS.
0
 
wahrani16Author Commented:
Hi thank you for your help. I will try to explain my problem.

Actually here's what I have in the certificate rds settings :
the CN is farm.test.com
 rds cert settings
a csr was generated from the rd Gateway server (on IIS) for the common name farm.test.com
I have used startssl certificate authority and I have placed the answer it in the rd Gateway settings :
 rd gateway cert
Actually when I try to connect to RD Gateway ans specify farm.test.com, I can connect but I have a lot of warnings :
1st one concern the name farm.test.local (it's the dns name for the RR for brokers)
cert warning2nd one concern the name of the connection broker itself SRV-BROKER1.test.local

3rd one concern the name of one of the RDS Servers for example SRV-RDS1.test.local

after click on Yes and connection, I am able to access to the remote desktop.

- I think that it's a certificate issue for SSO etc .... Maybe Need a wildcard certificate ?
- I have read a lot of document but I am not familiar with wilcard certificate ?
- Will I use a an internal authority to protect the local domains ?

Thank you very much and to summon up one's patience
sorry for my English too :)
0
 
Ryan ManganCommented:
Hi, have a look at the following article which shows how to configure Certificate services for RDS 2012:

http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/ 

You can use certificates from a internal certificate authority if you have one or a third party.

Best regards,

Ryan
0
 
wahrani16Author Commented:
Hi,
Thanks Ryan but
Finally, I have used a Godaddy certificate for access Gateway.
I have used a self signed Certificate for SSO and rdp signing because when I used a wildcard certificate delivered from an Internal CA, i had a lot of problems with Windows XP computers connecting from external due to CRL validation.
0
 
wahrani16Author Commented:
Found by myself.
Regards,
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now