• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 393
  • Last Modified:

Binding Trusted Cert to RD Connection Broker

I have a newly setup Server 2012 R2 RDS server that has the RD connection Broker, RD session Host, RD Gateway, RD Licensing, and RD Web Access role installed.  I have a trusted cert from Godaddy that I bound to my Default Website in IIS 8.  That cert does verify my website.  How do I use that same certificate or a trusted certificate and bind it to the RD Connection Broker, Web Access, and RD Gateway?

Thanks in advance!
1 Solution
btanExec ConsultantCommented:
As a whole do use the Server Manager for the importing of the cert to all servers, see the "Manage Certificates" for single deployment at best ..http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/

Do check out see this too
External name: RDWEB.CONTOSO.com
Internal name: RDWEB.CONTOSO.local
If you have a certificate with RDWEB.CONTOSO.COM in the name, you will see certificate errors. This is because the certificate is supposed to validate a server with the FQDN of “RDWEB.CONTOSO.COM,” but your server name is “RDWEB.CONTOSO.local.” (Changing the .com to .local occurs at your public firewall or router using port forwarding.)
In this case, you can get a certificate from a public CA with the external name (RDWEB.CONTOSO.COM) and bind it to the RD Web Access and RD Gateway roles. (These are the only roles that are exposed to the Internet.) For the RD Connection Broker – Publishing and RD Connection Broker – Enable Single Sign On roles, you can use an internal certificate with the DOMAIN.local name on it.
You can use a single certificate for all the roles if your clients are internal to the domain only, by generating a wildcard certificate (*.CONTOSO.local) and binding it to all roles.

Note that, even if you have multiple servers in the deployment, Server Manager will import the certificate to all servers, place the certificate in the trusted root for each server, and then bind the certificate to the respective roles.
MS - https://technet.microsoft.com/en-us/library/dn781533.aspx 
(and some screen flow in http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx).
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now