Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows 2012 R2 RDS Certificates

Posted on 2014-09-03
8
Medium Priority
?
478 Views
1 Endorsement
Last Modified: 2014-09-03
Hello

I am deploying a Windows 2012 R2 RDS farm, I have got the point where I need to install certificates, the servers are:

RDSBrok01 + Web
RDSBrok02
RDSH01
RDSH02
RDSH03

I am a little confused where I generate the certificate request from, do I just go into RDSBrok01 and generate from IIS?  I want to use a Wildcard cert from Digicert as well, the company I work for already has one of these and I can get a copy from their website.  The bit I am not sure about is when I generate the cert request does it matter what details I put in the Common Name for example and does it matter that I generated it from just the one server in the farm?

Thanks
1
Comment
Question by:vision_on
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 8

Accepted Solution

by:
Wilder_Admin earned 2000 total points
ID: 40300396
On which computer you generate the request does not matter. What Remote Desktop cares about is that it's a Server Authentication certificate, the FQDN is either in the Subject Name, or SAN, and that the certificate is trusted.

RDS accepts wildcard certs but Lync2013 for example not.
0
 
LVL 1

Author Comment

by:vision_on
ID: 40300422
Hello Wilder Admin

Thanks for your reply, so because I intend to use a wildcard cert, that will be *.companyname.gov.uk, the Subject name and SAN both contain this, so I assume that this will be ok for Single Sign On, Publishing and Web Access.  At the moment there is no external access just internal clients.

Just so I am clear, when I go through the certificate request wizard, it asks for "Common Name", it does not matter what I put in here?  Or should I use the name  that I want clients to use to access the service, for example, "WebApps", so the URL they use would be https://webapps.companyname.gov.uk/rdweb  ?

Cheers
V.
0
 
LVL 8

Assisted Solution

by:Wilder_Admin
Wilder_Admin earned 2000 total points
ID: 40300453
The Common Name is typically composed of Host + Domain Name and will look like "*.companyname.gov.uk" or "companyname.gov.uk". SSL Server Certificates are specific to the Common Name that they have been issued to at the Host level. The Common Name must be the same as the Web address you will be accessing when connecting to a secure site. For example, a SSL Server Certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", as "www.domain.com" and "secure.domain.com" are different from "domain.com". You would need to create a CSR for the correct Common Name. When the Certificate will be used on an Intranet (or internal network), the Common Name may be one word, and it can also be the name of the server.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 1

Author Comment

by:vision_on
ID: 40300473
I understand thanks.  So as I intend to get users to access the RDS website using https://rdsapps.companyname.gov.uk/rdweb, I should make the Common Name *.companyname.gov.uk and it should work.

I read somewhere that for the cert you need to select 4096 as the bit length, is that something you know about?
0
 
LVL 8

Assisted Solution

by:Wilder_Admin
Wilder_Admin earned 2000 total points
ID: 40300484
The common Name is ok

the length inside of a lan can be shorter. This length is only suggested for outside communication.
0
 
LVL 1

Author Comment

by:vision_on
ID: 40300500
Ok final question!  If generate my Cert request through IIS, can I be sure that it is a Server Authentication certificate request?
0
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40300513
Yes thats right!
0
 
LVL 1

Author Comment

by:vision_on
ID: 40300521
Thanks you have been very helpful.

V.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question