Windows 2012 R2 Certificate Requirements

I would like to inquire about the type of certificate for Windows 2012 R2 RDS server setup. I will have a single server in test with all roles to be set up. 5 servers in production: 1. RDCB01: RD Connection Broker/RD Web Access; 2. RDCB-01: RD Connection Broker (HA); 3. RDSH01: RD Session Host; 4. RDSH02: RD Session Host Server; and 5. RDGW01: RD Gateway Server.

I'm confused with the type of certificate:  SSL, wildcard, etc. and how to set up in the environment.

Thank you,
trinity2007

Cliff Galiher Commented:
Well, the fact that your test environment doesn't mirror your planned live environment complicates things. Your live environment could use 5 separate certificates. But you can't do that on a single server as only a single certificate can take precedence.  I'm generally not a fan of creating test labs that don't mirror live environments as you end up missing large gaps in the configuration. Virtualization makes creating test labs much easier and should be used to help replicate the planned live environment.

As far as certificates, it depends on the end goal. You could go with 5 single certs, 1 UCC/SAN cert, or 1 wildcard cert. If you plan on publishing .rdp files, you'll need the publishing server (the RDCBs) to have code signing certs, not just server identification certs. So you have options, but also have specifics that change based on topology and desired feature set.

trinity2007 Author Commented:
Due to budget constraints, we have scaled back the production environment to one server for RDS for now. This should help with the certificate requirements for RDS. Since we will be accessing the published applications internally only - no external access (I'm assuming we will not need the RDGateway server role), as far as the certs go, we will need one for each environment, correct? And we do have Windows Server 2008 R2 - with CA set up. Can I just generate the certs from that server for our environment?
Thank you,

Cliff Galiher Commented:
For internal only access, yes a local CA should be fine.

trinity2007 Author Commented:
Thank you!