RDS 2012 - Certificate Setup

    Question

  • Hi experts!

    Servername: Roles:

    RDGW1.domain.local WebAccess, Gateway, Licensing, Broker

    RDSH01.domain.local Session Host

    RDS02.domain.local Session Host

    External URL to WebAccess Server: remote.domain.com

    Ok, so far so good.

    Now we want to secure this setup with 3-party SSL certificates.

    I have Binged my ass off, but can't really find any good answers.

    How/where do I create certificate requests for my RDS servers?

    Is it only on RDGW1.domain.local I do a request for remote.domain.com, or must it be a wildcard or SAN cert deployed to all three servers?

    Any hints would be appreciated, thanks!




    MrSWE

    Wednesday, January 16, 2013 23:52

All replies

  • How/where do I create certificate requests for my RDS servers?

    Is it only on RDGW1.domain.local I do a request for remote.domain.com, or must it be a wildcard or SAN cert deployed to all three servers?


    You only need to configure your SSL cert in the deployment properties dialog box in the RDCB server. You need to use the cert for SSO, Publishing, RDWA and RDG. You can buy 3-party SSL certificates for them respectively. For SSO and Publishing, you can use a wildcard cert with *.domain.local in the subject line. For RDWA and RDG, you need to use *.domain.com in the subject line.

    Regards,

    Clarence

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    Friday, January 18, 2013 06:37
  • Thank you for your answer Clarence.

    In Deployment Properties | Certificates on the server RDGW1.domain.local (WebAccess, Gateway, Licensing, Broker), I can choose New Certificate and Existing Certificate.

    When I create a certificate, it creates a self-signed .pfx cert. If I select Existing Certificate, I can select an existing cert...

    But I can't find how to do the certificate request to send to a 3-party CA. I'm missing something...


    MrSWE


    • Edited by port443 Friday, January 18, 2013 09:59
    Friday, January 18, 2013 09:58
  • Sorry for bumping this thread.

    Where/how do I create certificate requests to send to 3-party CAs in an RDS 2012 environment?

    I really can't find how to do it in RDS Deployment Properties or in PS. Is it in IIS?




    • Edited by port443 Tuesday, January 22, 2013 10:22
    Tuesday, January 22, 2013 10:21
  • Yes. Click the server home page in IIS, double-click Server Certificates in the middle section, and then you can see Create Certificate Request in the right section.
    • Marked as answer by port443 Thursday, January 24, 2013 18:45
    Thursday, January 24, 2013 07:02
  • Hi Clarence,

    I am confused here. What I understand from your post is that the following certificates should apply:

    RD GW = *.domain.com, RD WebA = *.domain.com, SSO = *.domain.local, Pub = *.domain.local

    I had a wildcard SSL/SAN (*.domain.com) certificate which I already applied on all of the RDS roles, which I think is the reason that SSO is not working.

    Please guide me on how I will be able to create *.domain.local certificates.

    Regards

    TShabbir

    Tuesday, February 12, 2013 22:35
  • Hi

    I know this is an old thread but thought it was worth a go. I have the same setup, i.e. my external users access RDS through a valid public FQDN, remote.domain.com. However, my internal domain is domain.local. There has been a suggestion to buy a certificate with the relevant SANs for my internal server domains. However, public CAs are soon to discontinue issuing certificates for .local domains. What would you suggest I do? Is there another way around this problem?

    Tuesday, June 25, 2013 20:41
  • I also have this problem.
    • Proposed as answer by Buganic Monday, October 14, 2013 13:44
    • Unproposed as answer by Buganic Monday, October 14, 2013 13:44
    Friday, August 30, 2013 13:58
  • A lot of the step-by-step guides I read talk about wildcard certs. There is a simpler and less costly way, as wildcard certs tend to be expensive. The issue I faced (as others have) is that my server FQDN had a “.local”. When the RDP file was generated by the Gateway/RDWEB sign-on process, it put that in the “computer name” field of the .rdp file.

    The fix

    • Generic My RDGW is set to remote.acmebird.com
    • My RDWA is set to remote.acmebird.local
    • My SSL certificate is installed on RD Connection Broker Single Sign On, RD Connection Broker Publishing, RD Web Access, and RD Gateway
    • My default web page in IIS/RDWEB (DefaultTSGateway) is remote.acmebird.com

    Set-RDSessionCollectionConfiguration -CollectionName QuickSessionCollection -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.csbs.org"

    But if there are spaces in your collection name, see this example:

    Set-RDSessionCollectionConfiguration -CollectionName "<your Session Collection Name>" -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:<your public FQDN>"

    Example

    Set-RDSessionCollectionConfiguration -CollectionName "Acmebird Co. Desktops" -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.acmebird.com"

    Notes:

    I only have an SSL cert for the public server name (remote.acmebird.com in my example)

    See: http://blog.concurrency.com/infrastructure/remote-desktop-services/remote-desktop-cant-find-the-computer-through-rdweb-and-gateway/

    BUT Note! Leave radcmserver set to remote.acmebird.local  (in my example)

     

    Hope this helps!

     

    Nick

    Monday, October 14, 2013 13:47
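
The name mismatch discussed in this thread can be checked offline. The Python sketch below is an added example, not code from any poster: it lists the host names carried in an .rdp file and marks which of them a certificate's subject/SAN names cover. The sample file is constructed; `full address` and `gatewayhostname` are standard .rdp settings assumed here alongside the two from the post above, and the script does not model which of the names the client finally validates.

```python
# Added example: constructed .rdp content, not captured from a real deployment.
HOST_KEYS = ("full address", "alternate full address", "gatewayhostname")

SAMPLE_RDP = """\
full address:s:rdgw1.acmebird.local
gatewayhostname:s:remote.acmebird.com
use redirection server name:i:1
alternate full address:s:remote.acmebird.com
"""

def parse_rdp(text):
    """Parse 'name:type:value' lines of an .rdp file into a dict."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def name_matches(host, pattern):
    """Case-insensitive match; a leading '*.' covers exactly one label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return host == pattern

def coverage(rdp_text, cert_names):
    """Map each host-bearing setting to (host, covered_by_certificate)."""
    report = {}
    settings = parse_rdp(rdp_text)
    for key in HOST_KEYS:
        host = settings.get(key, "")
        if host.count(":") == 1:          # drop an optional ':port' suffix
            host = host.split(":")[0]
        if host:
            report[key] = (host, any(name_matches(host, n) for n in cert_names))
    return report

if __name__ == "__main__":
    for key, (host, ok) in coverage(SAMPLE_RDP, ["remote.acmebird.com"]).items():
        print(f"{key:24} {host:28} {'covered' if ok else 'NOT covered'}")
```

Run against an .rdp file downloaded from RD Web Access, with the names from the installed certificate, to see which entries still point at a .local name.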