
Self-signed SSL certificate?

Go-Bruins asked
Hi all,

I'm playing around with a Windows Server 2012 home lab. I'm trying to figure out RDS, but I'm stuck here:

Is this something I buy or make up? I need someone to point me in the right direction.

Thanks in advance.

Since it's self signed, it's not that big of a deal.

If you have a public hostname assigned to this server, use that. If not, you can still use a free dynamic hostname.
Did your provider give you a host name? Do you have access to a DNS panel of your website (assign the public IP of your server to a new hostname)?

I assume you already know your public IP (how else do you connect to your server from the outside). Sometimes the ISP already has a hostname for you (use nslookup IP_number). Sometimes you want one that's easy to remember. Like your company website. Then go to that DNS panel, add a name like rdserver.domain.com, assign the IP number. Then fill in rdserver.domain.com in that field.


Sorry - complete noob here...

This is a home lab with a Server and a few workstations, and there is no website associated with this network.

I did notice that when I was playing with Windows 2012 Essentials, I had the option of signing up with something like "my_name.remotewebaccess.com". Is this what I should be doing?
Distinguished Expert 2018
You can't do that outside of Essentials. You should put in any FQDN for a domain name you control externally and can create an A record for. If you don't have any external DNS service, you won't be able to use the RDGateway service as IP addresses for rdgateway connections aren't supported.

As I said, you can do this for free.
NOIP is still free, sign up, assign a free hostname to your public IP: http://www.noip.com/free


Thank you. Let me see if I have a grasp of this.

1. Set up something like MyCompany.noip.com. I then create an "A record", which basically points to the IP address given to me by Comcast (or whomever).
3. My router then port forwards it to my RDS Gateway server IP address.

The SSL certificate is some kind of security measure (like a password). So in the field I was initially inquiring about, I input "MyCompany.noip.com"

Do I have this right?

You are quite correct there.
The SSL isn't a security measure per se, it just encrypts the traffic end-to-end to prevent snooping of this traffic. But ANYONE can connect to your server to start hacking (don't be scared, just an example), the hack is just encrypted. A real security measure would be to have only the users connect to it that should have access to it (for instance, collect all IP numbers from all users, and input that in the firewall)


I'm beginning to understand. A few more questions if I may..

1. So NOIP.COM does the same thing as something like DNSDYNAMIC.COM, correct? They basically "link" some kind of site name like "MYCOMPANY.COM" to a dynamic IP given out by someone like Comcast, Verizon DSL, etc.?

2. If we have a static IP address, we would input that into the "SSL certificate field"?

3. What are some of the practical applications after someone sets up all this RDS stuff?


DNSDYNAMIC.COM looks kind of check. On the other hand, NOIP has been around for decades, and has more expertise, better documentation etc etc etc.
Both have the same function, just add an A record for your own made up sub hostname (with a limited number of domain names to choose from).

You don't even need a static IP address. The function of those dynamic DNS services is not only to add a name to the IP, but also keep the record up to date with the current IP address (if you have dynamic IP numbers, install a client that will keep it up to date). You put the name in the SSL certificate field.

The only practical application is to let everyone know this hostname (which is much easier to remember than an IP number, if you chose a simple hostname of course)
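
As an added example (not part of the thread and not any poster's code), this PowerShell sketch walks through the setup the answers describe: confirm the A record points at your public IP, create the self-signed certificate for that same name, and check that the certificate carries the name clients will type. The hostname is the one used in the thread as an illustration, and the IP address and export path are constructed placeholders. Run it elevated on the gateway server.

```powershell
# Assumed values: replace with your own. The IP is a constructed placeholder
# from the RFC 5737 documentation range, not a real address from the thread.
$Fqdn       = 'rdserver.domain.com'
$ExpectedIp = '203.0.113.10'
$ExportPath = Join-Path $env:TEMP 'rdgateway-selfsigned.cer'   # hypothetical path

# 1. The hostname must resolve to the public IP your router forwards
#    to the RD Gateway server.
$resolved = @(Resolve-DnsName -Name $Fqdn -Type A -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)
if ($resolved -notcontains $ExpectedIp) {
    throw "A record for $Fqdn is [$($resolved -join ', ')], expected $ExpectedIp"
}

# 2. Create the self-signed certificate for the hostname (not the IP address).
$new = New-SelfSignedCertificate -DnsName $Fqdn `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 3. Re-read it from the store and confirm the DNS name on the certificate
#    is exactly the name clients will connect to.
$cert  = Get-Item -Path ("Cert:\LocalMachine\My\{0}" -f $new.Thumbprint)
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
if ($names -notcontains $Fqdn) {
    throw "Certificate names [$($names -join ', ')] do not include $Fqdn"
}

# 4. Export only the public certificate (no private key). Clients do not
#    trust a self-signed certificate until it is imported into their
#    Trusted Root Certification Authorities store.
Export-Certificate -Cert $cert -FilePath $ExportPath | Out-Null

"OK: $Fqdn -> $ExpectedIp, certificate $($cert.Thumbprint), " +
    "valid until $($cert.NotAfter), exported to $ExportPath"
```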


I see. We do have a static IP address.

Would we still be better off using NOIP.COM, just because the name would be easier to remember?

So if we chose a name like ACME.NOIP.COM (and added an A record), that domain name is what we would put into the SSL certificate field?

But the reason for NOIP.com is not just the name, it's because it's more trustworthy and more professional than the link you provided earlier (looked less than amateur-ish, and might even flag it as untrustworthy)


Thanks everyone!