Link to home
Create AccountLog in
Avatar of hoffmanconsultingllc
hoffmanconsultingllcFlag for United States of America

asked on

2012 R2 RDS Certificate installation

Hello,

I am attempting to install SSL certs for our RDS Farm. Internal domain is domain.local and external site will be portal.company.com

I was wondering what the correct procedure was for deploying the certs to all hosts.

Thanks,
Avatar of rowansmith
rowansmith

If you are using a commercial CA (eg Verisign/ GoDaddy etc) then you will only be able to get a certificate with your real hostname in it (eg, portal.company.com).

If you are using a private/internal CA then you will be able to create certificates which contain both the internal and external hostnames (and if you like the IP Addresses) of your hosts.  If you're using an internal CA then you will need to distribute your root certificate to all of your end users/clients so that they don't receive certificate warnings.

If you are following the commercial CA route, then the best option is to utilize split a DNS solution.  Internally, when your users access portal.company.com they will receive a different IP address than if they access it via the Internet.  Because SSL certificates are matched on hostname and not IP address, this will solve any potential certificate mismatch issue.
ASKER CERTIFIED SOLUTION
Avatar of arnold
arnold
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account