Solved

Set up secured connection in my Windows 2012 RDS environment

Posted on 2016-08-10
Last Modified: 2016-08-24
I need to set up a secured connection for my Windows 2012 RDS environment.

If I do not use a wild card cert, is it possible to create a CSR that includes the host name of my RDS component servers?  So, I can add that to the RD Connection Broker - Enable Single Sign On and Publishing role service on my broker server.

If yes, please instruct how.  Thanks.
Question by:nav2567
5 Comments
 
LVL 39

Expert Comment

by:Adam Brown
ID: 41751264
Yes, it's possible. You have to use the certificates MMC snap-in to do it, though. https://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx has instructions under the section "To use the Certificate Enrollment wizard with a standalone CA"
0
 

Author Comment

by:nav2567
ID: 41751416
Thanks.

According to the instructions, under Certificate Properties>Subject Name>Type>Common Name>VALUE, do I need to add all FQDNs of my farm servers?

mybroker.mydomain.com
myrdsh1.mydomain.com
myrdsh2.mydomain.com???

Do I need to specify any Alternative Name?

In the farm, I also have a web server (mywebserver.mydomain.com) which hosts a client website rdweb.mydomain.com.  

Do I enter the rdweb.mydomain.com and mywebserver.mydomain.com in the Common Name>Value also?

I do not plan to use the RD Gateway as the rdweb site is only used internally.
0
 

Author Comment

by:nav2567
ID: 41751435
Also, besides using certreq, is there another GUI way to complete the certificate enrollment?
0
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41751438
The certificates snap-in is the only way if IIS is not installed. If IIS is installed, you can build a certificate request in there, but it doesn't let you build SAN certs.

The Common Name is going to be just one of the names you use to access the server with. You will add the rest of the names as Alternate names. SAN stands for Subject Alternate Name in this context. So, for example, you could use rdweb.mydomain.com as the Common name (or the farm name as the common name, up to you), then add the remaining FQDNs as Alternate names. It doesn't matter which name you use for the Common name, as long as all the FQDNs you use are listed as either the Common name or an Alternate Name.
0
 

Author Comment

by:nav2567
ID: 41751458
Adam, thanks!!!

Besides using certreq, is there another GUI way to complete the certificate enrollment?

If no, would you help me out with the command parameters I will need once I have the mycert.crt and mycert.p7b (intermediate cert) from a 3rd party CA?
0
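
The SAN request described in the accepted answer, and the certreq step asked about in the last comment, as an added example that is not part of the original thread. The function name `New-SanRequestInf`, the file names and the key settings are assumptions; the host names are the sample FQDNs from the question.

```powershell
# Added example. Host names are the sample FQDNs from this thread; file
# names and key settings are assumptions to adjust for your deployment.
function New-SanRequestInf {
    param(
        [Parameter(Mandatory)] [string]   $CommonName,
        [Parameter(Mandatory)] [string[]] $DnsNames
    )
    # List the Common Name as a SAN too: current clients validate the
    # host name against the SAN entries and ignore the CN.
    $san = @(@($CommonName) + $DnsNames |
        ForEach-Object { $_.Trim().ToLowerInvariant() } |
        Where-Object { $_ } | Select-Object -Unique)

    @(
        '[Version]'
        'Signature="$Windows NT$"'
        '[NewRequest]'
        "Subject = `"CN=$($san[0])`""
        'KeyLength = 2048'
        'KeySpec = 1'               # AT_KEYEXCHANGE, used for TLS server keys
        'Exportable = TRUE'         # allows a later export to .pfx
        'MachineKeySet = TRUE'      # key is stored in the computer store
        'HashAlgorithm = SHA256'
        'RequestType = PKCS10'
        'KeyUsage = 0xa0'           # digital signature + key encipherment
        'ProviderName = "Microsoft RSA SChannel Cryptographic Provider"'
        '[EnhancedKeyUsageExtension]'
        'OID = 1.3.6.1.5.5.7.3.1'   # server authentication
        '[Extensions]'
        '2.5.29.17 = "{text}"'      # subjectAltName extension
    ) + ($san | ForEach-Object { "_continue_ = `"dns=$($_)&`"" })
}

$inf = New-SanRequestInf -CommonName 'rdweb.mydomain.com' -DnsNames @(
    'mywebserver.mydomain.com', 'mybroker.mydomain.com',
    'myrdsh1.mydomain.com', 'myrdsh2.mydomain.com')
Set-Content -Path .\rds-san.inf -Value $inf -Encoding Ascii

# Run elevated on the server that will hold the private key.
certreq.exe -new .\rds-san.inf .\rds-san.csr
# Confirm every FQDN is present before sending the CSR to the CA.
certutil.exe -dump .\rds-san.csr | Select-String 'DNS Name='

# After the CA returns mycert.crt, on the same server (the private key
# was created there by -new):
# certreq.exe -accept .\mycert.crt
```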
