I am not too expert at certificates and need to resolve this issue soon.
I took over a client to help with IT work who has an RDS server. Basically, a couple of users work from home and use some RDS apps that are installed on this server, namely QuickBooks and Outlook 2013. It is Server 2012 R2. There are only two users who sometimes work from home.
I noticed that the last SSL was issued by GoDaddy, which recently expired, and therefore when I was trying to log in to the "remote app" the error I was getting was pointing to the expired SSL and hence the app won't open.
The steps that users follow to run RDS apps on their local machine are as follows:
- Visit: https://remote.domain.com/rdweb
- It shows a cert error that the site is not secure. Your PC doesn’t trust this website’s security certificate.
  The hostname in the website’s security certificate differs from the website you are trying to visit.
  Error Code: DLG_FLAGS_INVALID_CA
- We continue regardless
- After login as the user - domain\username
- We see the remote apps and desktop
- Click on QuickBooks app to run locally on the computer
- Click open and then Allow
- It asks for a username and password in a window; enter the domain\user and password
- A box pops up with an error message.
In order to avoid this message and have users still work, I created a self-signed certificate using the following steps:
- Opened RD Gateway manager on the RDS server
- Right click properties
- SSL Certificate tab
- Clicked on "create a self-signed certificate"
- Created a new self-signed certificate and then copied it to "Trusted Root certificates"
It is now showing that the following cert is installed on "RDS server"
Issued to: Myselfsignedcert-RDSServer.domain.local
Issued by: Myselfsignedcert-RDSServer.domain.local
However, after making these changes I am still not able to run the RDS apps from remote client computers (Windows 10 Home computer) and the error is coming as:
This computer can't verify the identity of the RD Gateway "remote.domain.com". It's not safe to connect to servers that can't be identified. Contact your network admin
Does this mean that I need to buy the certificate from other companies like GoDaddy and only then will it work?
If yes for sure, what kind of cert do I need to buy and what are the steps involved?
Can a self-signed certificate work somehow?
(Sorry, my knowledge in this area is very limited.)
Thank you in advance.
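
The three checks behind the errors quoted above (validity period, name match, trusted issuer), modelled as an added example that is not part of the original post. The dates, the "Example Public CA" issuer and the client trust store are constructed assumptions; only `remote.domain.com` and the self-signed certificate's name come from the post.

```python
from datetime import datetime

def name_matches(cert_name: str, host: str) -> bool:
    """True if a DNS name from the certificate covers the host the client connects to.
    A '*' counts only as the entire left-most label (e.g. *.domain.com)."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return len(c) > 2 and c[1:] == h[1:]
    return c == h

def diagnose(cert: dict, host: str, client_roots: set, now: datetime) -> list:
    """List the reasons a client would reject `cert` for `host`; empty means accepted."""
    problems = []
    if not cert["not_before"] <= now <= cert["not_after"]:
        problems.append("outside_validity_period")
    if not any(name_matches(n, host) for n in cert["dns_names"]):
        problems.append("name_mismatch")
    if cert["issuer"] not in client_roots:
        problems.append("untrusted_issuer")
    return problems

# Constructed sample data; only HOST and the self-signed name come from the post.
HOST = "remote.domain.com"
NOW = datetime(2024, 1, 15)
CLIENT_ROOTS = {"Example Public CA"}  # assumed trust store of the home PC
SELF_NAME = "Myselfsignedcert-RDSServer.domain.local"
EXPIRED_PUBLIC = {"dns_names": [HOST], "issuer": "Example Public CA",
                  "not_before": datetime(2022, 12, 1), "not_after": datetime(2023, 12, 1)}
SELF_SIGNED = {"dns_names": [SELF_NAME], "issuer": SELF_NAME,
               "not_before": datetime(2024, 1, 1), "not_after": datetime(2025, 1, 1)}
RENEWED_PUBLIC = {"dns_names": [HOST], "issuer": "Example Public CA",
                  "not_before": datetime(2024, 1, 1), "not_after": datetime(2025, 1, 1)}

if __name__ == "__main__":
    for label, cert, roots in [
        ("expired public cert", EXPIRED_PUBLIC, CLIENT_ROOTS),
        ("self-signed, not imported on client", SELF_SIGNED, CLIENT_ROOTS),
        ("self-signed, imported on client", SELF_SIGNED, CLIENT_ROOTS | {SELF_NAME}),
        ("renewed public cert", RENEWED_PUBLIC, CLIENT_ROOTS),
    ]:
        print(f"{label}: {diagnose(cert, HOST, roots, NOW) or 'accepted'}")
```

In this model the self-signed certificate still fails the name check after its issuer is added to the client's trust store, because it was issued to the server's internal name rather than the name users connect to.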