Link to home
Create AccountLog in
Avatar of hoffmanconsultingllc
hoffmanconsultingllcFlag for United States of America

asked on

2012 R2 RDS Certificate installation


I am attempting to install SSL certs for our RDS Farm. Internal domain is domain.local and external site will be

I was wondering what the correct procedure was for deploying the certs to all hosts.

Avatar of rowansmith

If you are using a commercial CA (eg Verisign/ GoDaddy etc) then you will only be able to get a certificate with your real hostname in it (eg,

If you are using a private/internal CA then you will be able to create certificates which contain both the internal and external hostnames (and if you like the IP Addresses) of your hosts.  If you're using an internal CA then you will need to distribute your root certificate to all of your end users/clients so that they don't receive certificate warnings.

If you are following the commercial CA route, then the best option is to utilize split a DNS solution.  Internally, when your users access they will receive a different IP address than if they access it via the Internet.  Because SSL certificates are matched on hostname and not IP address, this will solve any potential certificate mismatch issue.
Avatar of arnold
Flag of United States of America image

Link to home
Create an account to see this answer
Signing up is free. No credit card required.
Create Account