Windows 2012 R2 RDS Certificates

Hello

I am deploying a Windows 2012 R2 RDS farm, I have got the point where I need to install certificates, the servers are:

RDSBrok01 + Web
RDSBrok02
RDSH01
RDSH02
RDSH03

I am a little confused where I generate the certificate request from, do I just go into RDSBrok01 and generate from IIS?  I want to use a Wildcard cert from Digicert as well, the company I work for already has one of these and I can get a copy from their website.  The bit I am not sure about is when I generate the cert request does it matter what details I put in the Common Name for example and does it matter that I generated it from just the one server in the farm?

Thanks
LVL 1
vision_onAsked:
Who is Participating?
 
Wilder_AdminConnect With a Mentor Commented:
On which computer you generate the request does not matter. What Remote Desktop cares about is that it's a Server Authentication certificate, the FQDN is either in the Subject Name, or SAN, and that the certificate is trusted.

RDS accepts wildcard certs but Lync2013 for example not.
0
 
vision_onAuthor Commented:
Hello Wilder Admin

Thanks for your reply, so because I intend to use a wildcard cert, that will be *.companyname.gov.uk, the Subject name and SAN both contain this, so I assume that this will be ok for Single Sign On, Publishing and Web Access.  At the moment there is no external access just internal clients.

Just so I am clear, when I go through the certificate request wizard, it asks for "Common Name", it does not matter what I put in here?  Or should I use the name  that I want clients to use to access the service, for example, "WebApps", so the URL they use would be https://webapps.companyname.gov.uk/rdweb  ?

Cheers
V.
0
 
Wilder_AdminConnect With a Mentor Commented:
The Common Name is typically composed of Host + Domain Name and will look like "*.companyname.gov.uk" or "companyname.gov.uk". SSL Server Certificates are specific to the Common Name that they have been issued to at the Host level. The Common Name must be the same as the Web address you will be accessing when connecting to a secure site. For example, a SSL Server Certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", as "www.domain.com" and "secure.domain.com" are different from "domain.com". You would need to create a CSR for the correct Common Name. When the Certificate will be used on an Intranet (or internal network), the Common Name may be one word, and it can also be the name of the server.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
vision_onAuthor Commented:
I understand thanks.  So as I intend to get users to access the RDS website using https://rdsapps.companyname.gov.uk/rdweb, I should make the Common Name *.companyname.gov.uk and it should work.

I read somewhere that for the cert you need to select 4096 as the bit length, is that something you know about?
0
 
Wilder_AdminConnect With a Mentor Commented:
The common Name is ok

the length inside of a lan can be shorter. This length is only suggested for outside communication.
0
 
vision_onAuthor Commented:
Ok final question!  If generate my Cert request through IIS, can I be sure that it is a Server Authentication certificate request?
0
 
Wilder_AdminCommented:
Yes thats right!
0
 
vision_onAuthor Commented:
Thanks you have been very helpful.

V.
0
All Courses

From novice to tech pro — start learning today.