Hello, I am having trouble with a newly purchased SSL cert from Symantec. The cert is for a Windows Server 2008 R2 server for securing RDS connections. I used the Symantec SSL assistant to generate a CSR and selected ECC encryption (this may be the root issue).
When I received the SSL cert from Symantec I used the Symantec install assistant to install the cert on the server. Then using the Server certificate console I exported the cert to a .pfx cert.
In the RD Gateway Manager I completed the following steps to import the cert.
1. Import a certificate into the RD Gateway "server name"
2. I browse to the "myserver.domain.com.pfx" cert
3. Entered private key password (created when I exported cert)
4. Message: The Certificate "...." was successfully imported to the RD Gateway server
5. I click OK on the successfully imported message and then click Apply on SSL certificate tab
6. Message: To set the new certificate, you must restart the RD Gateway service......
7. I click on Yes and the following error message is displayed:
The certificate cannot be set in Internet Information Services (IIS).
There are two distinct errors in the TerminalServices-Gateway log:
Log Name: Microsoft-Windows-TerminalServices-Gateway/Admin
Source: Microsoft-Windows-TerminalServices-Gateway
Date: 1/9/2016 8:08:35 PM
Event ID: 3001
Task Category: (7)
Level: Error
Keywords: (33554432)
User: ******\Administrator
Computer: *******
Description:
The RD Gateway server certificate cannot be changed. The following error occurred: "1303". Verify the certificate and try changing the certificate again.
Log Name: Microsoft-Windows-TerminalServices-Gateway/Admin
Source: Microsoft-Windows-TerminalServices-Gateway
Date: 1/9/2016 8:08:35 PM
Event ID: 519
Task Category: (7)
Level: Error
Keywords: (33554432)
User: ****\Administrator
Computer: **********
Description:
The server certificate is not valid because the public key of the certificate contains an object identifier (also known as OID) of 2.5.29.15, but does not support the Extended Key Usage (EKU) for encryption. For the "Request clients to send a statement of health" setting that is enabled on this RD Gateway server to function, if the certificate that you plan to use contains an OID of 2.5.29.15, you must ensure that one of the following key usage values for this certificate is also set: (1) CERT_KEY_ENCIPHERMENT_KEY_USAGE (2) CERT_KEY_AGREEMENT_KEY_USAGE (3) CERT_DATA_ENCIPHERMENT_KEY_USAGE. For more information, see "Obtain a certificate for the RD Gateway server" in the RD Gateway Help.
Has anyone encountered this issue before? Any assistance or guidance will be greatly appreciated.
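Event 519 above names the exact things to check: the public key algorithm of the certificate and whether its Key Usage extension (OID 2.5.29.15) carries at least one of KeyEncipherment, KeyAgreement or DataEncipherment. The following PowerShell is an added example, not code from the original post or from Symantec's tools, that reads the imported certificate out of the local machine store and reports those fields so you can see whether the certificate meets the requirement the event describes before retrying the import. The thumbprint parameter is a placeholder (an assumption): substitute the thumbprint of the certificate you imported.

```powershell
# Added diagnostic (not from the original post): inspect the RD Gateway certificate's
# public key algorithm and Key Usage bits against what event 519 asks for.
# $Thumbprint is a placeholder assumption; replace it with the imported cert's thumbprint.
param(
    [string]$Thumbprint = 'REPLACE_WITH_CERT_THUMBPRINT'
)

$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate with thumbprint $Thumbprint not found in Cert:\LocalMachine\My" }

# 1.2.840.113549.1.1.1 is RSA; 1.2.840.10045.2.1 is an EC public key.
$alg = $cert.PublicKey.Oid
"Subject:         $($cert.Subject)"
"Public key:      $($alg.FriendlyName) ($($alg.Value))"
"Has private key: $($cert.HasPrivateKey)"

# Key Usage extension = OID 2.5.29.15, the OID named in event 519.
$ku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }
if ($ku) {
    $flags = ([System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]$ku).KeyUsages
    "Key Usage:       $flags"

    # The three values event 519 says must be present (any one of them is enough).
    $needed = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment -bor `
              [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyAgreement -bor `
              [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DataEncipherment

    if (($flags -band $needed) -ne 0) {
        "OK: at least one of KeyEncipherment / KeyAgreement / DataEncipherment is set"
    } else {
        "PROBLEM: Key Usage (2.5.29.15) is present but none of KeyEncipherment, KeyAgreement or DataEncipherment is set"
    }
} else {
    "No Key Usage extension (2.5.29.15) on this certificate"
}

# Extended Key Usage (2.5.29.37); RD Gateway expects Server Authentication (1.3.6.1.5.5.7.3.1).
$eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
if ($eku) {
    $names = ([System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]$eku).EnhancedKeyUsages |
             ForEach-Object { "$($_.FriendlyName) ($($_.Value))" }
    "EKU:             $($names -join ', ')"
} else {
    "No Extended Key Usage extension (2.5.29.37) on this certificate"
}
```

Run it in an elevated PowerShell on the gateway after the import step, since the PFX was imported into the local machine's personal store. The script only reads the certificate; it changes nothing. If the Key Usage line shows only DigitalSignature (or the extension is missing), the certificate does not satisfy the condition event 519 describes and a certificate with one of the listed key usage values would be needed; if the check reports OK, the 1303 failure in event 3001 has a different cause and the certificate contents are not where to look.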