vision_on
asked on
Windows 2012 R2 RDS Certificates
Hello
I am deploying a Windows 2012 R2 RDS farm, I have got the point where I need to install certificates, the servers are:
RDSBrok01 + Web
RDSBrok02
RDSH01
RDSH02
RDSH03
I am a little confused where I generate the certificate request from, do I just go into RDSBrok01 and generate from IIS? I want to use a Wildcard cert from Digicert as well, the company I work for already has one of these and I can get a copy from their website. The bit I am not sure about is when I generate the cert request does it matter what details I put in the Common Name for example and does it matter that I generated it from just the one server in the farm?
Thanks
I am deploying a Windows 2012 R2 RDS farm, I have got the point where I need to install certificates, the servers are:
RDSBrok01 + Web
RDSBrok02
RDSH01
RDSH02
RDSH03
I am a little confused where I generate the certificate request from, do I just go into RDSBrok01 and generate from IIS? I want to use a Wildcard cert from Digicert as well, the company I work for already has one of these and I can get a copy from their website. The bit I am not sure about is when I generate the cert request does it matter what details I put in the Common Name for example and does it matter that I generated it from just the one server in the farm?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I understand thanks. So as I intend to get users to access the RDS website using https://rdsapps.companyname.gov.uk/rdweb, I should make the Common Name *.companyname.gov.uk and it should work.
I read somewhere that for the cert you need to select 4096 as the bit length, is that something you know about?
I read somewhere that for the cert you need to select 4096 as the bit length, is that something you know about?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok final question! If generate my Cert request through IIS, can I be sure that it is a Server Authentication certificate request?
Yes thats right!
ASKER
Thanks you have been very helpful.
V.
V.
ASKER
Thanks for your reply, so because I intend to use a wildcard cert, that will be *.companyname.gov.uk, the Subject name and SAN both contain this, so I assume that this will be ok for Single Sign On, Publishing and Web Access. At the moment there is no external access just internal clients.
Just so I am clear, when I go through the certificate request wizard, it asks for "Common Name", it does not matter what I put in here? Or should I use the name that I want clients to use to access the service, for example, "WebApps", so the URL they use would be https://webapps.companyname.gov.uk/rdweb ?
Cheers
V.