2012 R2 RDS Certificate installation

hoffmanconsultingllc used Ask the Experts™

I am attempting to install SSL certs for our RDS Farm. Internal domain is domain.local and external site will be portal.company.com

I was wondering what the correct procedure was for deploying the certs to all hosts.

Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If you are using a commercial CA (eg Verisign/ GoDaddy etc) then you will only be able to get a certificate with your real hostname in it (eg, portal.company.com).

If you are using a private/internal CA then you will be able to create certificates which contain both the internal and external hostnames (and if you like the IP Addresses) of your hosts.  If you're using an internal CA then you will need to distribute your root certificate to all of your end users/clients so that they don't receive certificate warnings.

If you are following the commercial CA route, then the best option is to utilize split a DNS solution.  Internally, when your users access portal.company.com they will receive a different IP address than if they access it via the Internet.  Because SSL certificates are matched on hostname and not IP address, this will solve any potential certificate mismatch issue.
Distinguished Expert 2017
Install meaning you've obtained a certificate?

As rowansmith covered, could youp please provide more detail on your situation to clarify what your needs are.

"Deploying certs to all users" suggests that you want certificate based authenticatio into RDs, is that correct?

Internal ca, external connectors?

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial