Solved

Set up a secured connection in my Windows 2012 RDS environment

Posted on 2016-08-10
Last Modified: 2016-08-24
I need to set up a secured connection for my Windows 2012 RDS environment.

If I do not use a wildcard cert, is it possible to create a CSR that includes the host names of my RDS component servers, so I can add that to the RD Connection Broker - Enable Single Sign On and Publishing role service on my broker server?

If yes, please instruct how.  Thanks.
0
Question by:nav2567
5 Comments
 
LVL 40

Expert Comment

by:Adam Brown
ID: 41751264
Yes, it's possible. You have to use the Certificates MMC snap-in to do it, though. https://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx has instructions under the section "To use the Certificate Enrollment wizard with a standalone CA".
0
 

Author Comment

by:nav2567
ID: 41751416
Thanks.

According to the instructions, under Certificate Properties>Subject Name>Type>Common Name>VALUE, do I need to add all FQDNs of my farm servers?

mybroker.mydomain.com
myrdsh1.mydomain.com
myrdsh2.mydomain.com???

Do I need to specify any Alternative Name?

In the farm, I also have a web server (mywebserver.mydomain.com) which hosts a client website rdweb.mydomain.com.  

Do I enter the rdweb.mydomain.com and mywebserver.mydomain.com in the Common Name>Value also?

I do not plan to use the RD Gateway as the rdweb site is only used internally.
0
 

Author Comment

by:nav2567
ID: 41751435
Also, besides using certreq, is there another GUI way to complete the certificate enrollment?
0
 
LVL 40

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 41751438
The Certificates snap-in is the only way if IIS is not installed. If IIS is installed, you can build a certificate request in there, but it doesn't let you build SAN certs.

The Common Name is going to be just one of the names you use to access the server with. You will add the rest of the names as Alternate names. SAN stands for Subject Alternate Name in this context. So, for example, you could use rdweb.mydomain.com as the Common name (or the farm name as the common name, up to you), then add the remaining FQDNs as Alternate names. It doesn't matter which name you use for the Common name, as long as all the FQDNs you use are listed as either the Common name or an Alternate Name.
0
 

Author Comment

by:nav2567
ID: 41751458
Adam, thanks!!!

Besides using certreq, is there another GUI way to complete the certificate enrollment?

If no, would you help me out with the command parameters I will need once I have the mycert.crt and mycert.p7b (intermediate cert) from a 3rd-party CA?
0
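As an added example (not part of the original thread or of the linked Microsoft instructions), the request described in the accepted solution can also be built with certreq from PowerShell: one Common Name plus every farm FQDN as an alternate name, followed by the steps for installing the CA's reply. The host names are the placeholders used in the thread; the file names rds-san.inf and rds-san.csr, the key settings, and repeating the Common Name in the SAN list (current browsers match on SAN entries only) are assumptions of this example.

```powershell
# Added example. Host names are the placeholders used in the thread;
# file names and key settings are assumptions.
$commonName = 'rdweb.mydomain.com'
$names = @($commonName, 'mywebserver.mydomain.com', 'mybroker.mydomain.com',
           'myrdsh1.mydomain.com', 'myrdsh2.mydomain.com') |
    ForEach-Object { $_.Trim().ToLowerInvariant() } | Select-Object -Unique

# Stop on anything that is not a plain FQDN before it reaches the request file.
$bad = @($names | Where-Object { $_ -notmatch '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$' })
if ($bad.Count) { throw "Not a valid FQDN: $($bad -join ', ')" }

# One dns= entry per name; the Common Name is repeated here on purpose.
$sanLines = ($names | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"

$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$commonName"
KeySpec = 1
KeyLength = 2048
HashAlgorithm = SHA256
MachineKeySet = TRUE
Exportable = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xA0

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
$sanLines
"@
Set-Content -Path .\rds-san.inf -Value $inf -Encoding ASCII

# Elevated prompt: create the key pair and CSR, then check the SAN entries
# before sending rds-san.csr to the CA.
certreq -new .\rds-san.inf .\rds-san.csr
certutil -dump .\rds-san.csr | Select-String 'DNS Name'

# Once the CA returns the files named in the thread, on the same server:
Import-Certificate -FilePath .\mycert.p7b -CertStoreLocation Cert:\LocalMachine\CA
certreq -accept .\mycert.crt
```

Exportable = TRUE is set so the installed certificate can be exported as a .pfx for the other farm servers; set it to FALSE if the private key never needs to leave the server that created the request.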
