setup secured connection in my Windows 2012 RDS environment

I need to setup secured connection for my Windows 2012 RDS environment.

If I do not use a wild card cert, is it possible to create a CSR that includes the host name of my RDS component servers?  So, I can add that to the RD Connection Broker - Enable Single Sign On and Publishing role service on my broker server.

If yes, please instruct how.  Thanks.
nav2567Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Adam BrownSr Solutions ArchitectCommented:
Yes, it's possible. You have to use the certificates MMC snap-in to do it, though. https://technet.microsoft.com/en-us/library/ff625722(v=ws.10).aspx has instructions under the section "To use the Certificate Enrollment wizard with a standalone CA"
0
nav2567Author Commented:
Thanks.

According to the instruction, under Certificate Properties>Subject Name>Type>Common Name>VALUE, do I need to Add all FQDN of my farm servers?  

mybroker.mydomain.com
myrdsh1.mydomain.com
myrdsh2.mydomain.com???

Do I need to specify any Alternative Name?

In the farm, I also have a web server (mywebserver.mydomain.com) which hosts a client website rdweb.mydomain.com.  

Do I enter the rdweb.mydomain.com and mywebserver.mydomain.com in the Common Name>Value also?

I do not plan to use the RD Gateway as the rdweb site is only used internally.
0
nav2567Author Commented:
Also, besides using certreq, is there another gui way to complete the certificate enrollment?
0
Adam BrownSr Solutions ArchitectCommented:
The certificates snapin is the only way if IIS is not installed. If IIS is installed, you can build a certificate request in there, but it doesn't let you build SAN certs.

The Common Name is going to be just one of the names you use to access the server with. You will add the rest of the names as Alternate names. SAN stands for Subject Alternate Name in this context. So, for example, you could use rdweb.mydomain.com as the Common name (or the farm name as the common name, up to you), then add the remaining FQDNs as Alternate names. It doesn't matter which name you use for the Common name, as long as all the FQDNs you use are listed as either the Common name or an Alternate Name.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
nav2567Author Commented:
Adam, thanks!!!

Besides using certreq, is there another gui way to complete the certificate enrollment?

If no, would you help me out with the command parameters I will need once I have the mycert.crt and mycert.p7b (intermediate cert) from a 3rd party cA?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.