
Windows 2012 R2 Certificate Requirements

I would like to inquire about the type of certificate for Windows 2012 R2 RDS server setup. I will have a single server in test with all Roles to be set up. 5 servers in production:

1. RDCB01: RD Connection Broker/RD Web Access
2. RDCB-01: RD Connection broker (HA)
3. RDSH01: RD Session Host
4. RDSH02: RD Session Host Server
5. RDGW01: RD Gateway Server

I'm confused with the type of certificate:  SSL, wildcard, etc. and how to set up in the environment.

Thank you,
Asked by: trinity2007
2 Solutions
 
Cliff Galiher Commented:
Well, the fact that your test environment doesn't mirror your planned live environment complicates things. Your live environment could use 5 separate certificates. But you can't do that on a single server as only a single certificate can take precedence.  I'm generally not a fan of creating test labs that don't mirror live environments as you end up missing large gaps in the configuration. Virtualization makes creating test labs much easier and should be used to help replicate the planned live environment.

As far as certificates, it depends on the end goal.  You could go with 5 single certs. 1 UCC/SAN cert. 1 wildcard cert. If you plan on publishing .rdp files, you'll need the publishing server (the RDCBs) to have code signing certs, not just server identification certs.  So you have options, but also have specifics that change based on topology and desired feature set.
 
trinity2007 (Author) Commented:
Due to budget constraints, we have scaled back the production environment to one server for RDS for now. This should help with the certificate requirements for RDS. Since we will be accessing the published applications internally only - no external access (I'm assuming we will not need the RDGateway server role), as far as the certs go, we will need one for each environment, correct? And we do have Windows Server 2008 R2 - with CA set up. Can I just generate the certs from that server for our environment?
Thank you,
 
Cliff Galiher Commented:
For internal only access, yes a local CA should be fine.
 
trinity2007 (Author) Commented:
Thank you!
Question has a verified solution.
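
The internal-CA route settled on above, as an added example that is not part of the original thread: enrolling a server certificate from an enterprise CA on the single RDS server and binding it to the RDS roles. The FQDN, template name and PFX path are constructed placeholders, and the template is assumed to be a copy of Web Server that permits computer enrollment, a request-supplied subject and private-key export.

```powershell
# Added example: all names are constructed placeholders, not values from the thread.
$fqdn     = 'rds01.corp.example'   # hypothetical FQDN that users connect to
$template = 'RDSWebServer'         # hypothetical copy of the Web Server template
$pfxPath  = 'C:\Temp\rds01.pfx'    # temporary export location
$pfxPass  = Read-Host -AsSecureString -Prompt 'Password for temporary PFX'

Import-Module RemoteDesktop

# Enroll against the enterprise CA; the key pair is generated in the machine store.
$result = Get-Certificate -Template $template -SubjectName "CN=$fqdn" `
    -DnsName $fqdn -CertStoreLocation Cert:\LocalMachine\My
if ($result.Status -ne 'Issued') {
    throw "CA did not issue the certificate (status: $($result.Status))"
}
$cert = $result.Certificate

# Refuse to deploy a certificate that RDS clients would reject.
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
if ($cert.EnhancedKeyUsageList.ObjectId -notcontains $serverAuth) {
    throw 'Certificate lacks the Server Authentication EKU'
}
if ($cert.DnsNameList.Unicode -notcontains $fqdn) {
    throw "Certificate SAN does not cover $fqdn"
}

# Set-RDCertificate imports from a PFX, so export once and reuse it per role.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPass | Out-Null
try {
    # RDGateway is left out: the deployment in the thread is internal only.
    foreach ($role in 'RDRedirector', 'RDPublishing', 'RDWebAccess') {
        Set-RDCertificate -Role $role -ImportPath $pfxPath -Password $pfxPass `
            -ConnectionBroker $fqdn -Force
    }
}
finally {
    Remove-Item -Path $pfxPath -Force   # do not leave the private key on disk
}

# Each configured role should now report the new certificate.
Get-RDCertificate -ConnectionBroker $fqdn | Format-List
```

Domain-joined clients trust an enterprise CA's root through Active Directory; any other client needs that root installed before the certificate validates.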
