Solved

setup secured connection in my Windows 2012 RDS environment

Posted on 2016-08-10
5
51 Views
Last Modified: 2016-08-24
I need to setup secured connection for my Windows 2012 RDS environment.

If I do not use a wild card cert, is it possible to create a CSR that includes the host name of my RDS component servers?  So, I can add that to the RD Connection Broker - Enable Single Sign On and Publishing role service on my broker server.

If yes, please instruct how.  Thanks.
0
Comment
Question by:nav2567
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 41

Expert Comment

by:Adam Brown
ID: 41751264
Yes, it's possible. You have to use the certificates MMC snap-in to do it, though. https://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx has instructions under the section "To use the Certificate Enrollment wizard with a standalone CA"
0
 

Author Comment

by:nav2567
ID: 41751416
Thanks.

According to the instruction, under Certificate Properties>Subject Name>Type>Common Name>VALUE, do I need to Add all FQDN of my farm servers?  

mybroker.mydomain.com
myrdsh1.mydomain.com
myrdsh2.mydomain.com???

Do I need to specify any Alternative Name?

In the farm, I also have a web server (mywebserver.mydomain.com) which hosts a client website rdweb.mydomain.com.  

Do I enter the rdweb.mydomain.com and mywebserver.mydomain.com in the Common Name>Value also?

I do not plan to use the RD Gateway as the rdweb site is only used internally.
0
 

Author Comment

by:nav2567
ID: 41751435
Also, besides using certreq, is there another gui way to complete the certificate enrollment?
0
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41751438
The certificates snapin is the only way if IIS is not installed. If IIS is installed, you can build a certificate request in there, but it doesn't let you build SAN certs.

The Common Name is going to be just one of the names you use to access the server with. You will add the rest of the names as Alternate names. SAN stands for Subject Alternate Name in this context. So, for example, you could use rdweb.mydomain.com as the Common name (or the farm name as the common name, up to you), then add the remaining FQDNs as Alternate names. It doesn't matter which name you use for the Common name, as long as all the FQDNs you use are listed as either the Common name or an Alternate Name.
0
 

Author Comment

by:nav2567
ID: 41751458
Adam, thanks!!!

Besides using certreq, is there another gui way to complete the certificate enrollment?

If no, would you help me out with the command parameters I will need once I have the mycert.crt and mycert.p7b (intermediate cert) from a 3rd party cA?
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question