Certificates for SSO Using a Broker

    Question

  • There is so much info on this forum about certificates that my head is swimming and I need some clarification.

    I have a straightforward test environment all on Hyper-V (2k8 R2). I have 3 session hosts in a farm, a broker/RDweb server and a gateway server. At this point all I am trying to do is get SSO working for remote apps in the farm. I can get SSO working OK on a single stand-alone session host, but not once I create the farm and point RDweb to the broker. I've been using this blog http://blogs.msdn.com/b/rds/archive/2009/08/11/introducing-web-single-sign-on-for-remoteapp-and-desktop-connections.aspx? as my starting point, but my stumbling point is the certificates, I think. There is a lot of talk on these forums about the certs on all the session hosts (and possibly the broker too) needing to have the same name, but how do I get a cert configured like this and what name should I use?

    I have an Enterprise CA set up in my domain and I'm clear on how to request a new cert for authenticating a single server at a time, but I really haven't got a clue how to request a cert that I can use on more than one server. Can someone please enlighten me on the process of requesting a cert for SSO and on which servers this cert should be installed?

    Cheers

    Craig


    Hibs Ya Bass!

    Friday, June 22, 2012 2:38 AM

Answers

  • Hi,

    Thanks for your post.

    You can request one SAN certificate from your CA. Ensure that the farm name, the session host server names and the connection broker name are all in the SAN attribute. Then import the cert on all the servers in the farm.

    Steps:

    1. On all RDS servers, open RemoteApp Manager; under Digital Signature Settings, click Change and select the SAN cert.

    2. On the Connection Broker, open Remote Desktop Connection Manager, click Specify under Digital certificate, and select the SAN cert.

    You may also refer to the following thread, which discusses the same issue. Hope it helps.

    Using certificates with 2008R2 RDS farm

    http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/d08b96a7-4e3c-4db9-b2ac-d13e02cb6c44/

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    • Marked as answer by broonster27 Tuesday, June 26, 2012 10:26 PM
    Tuesday, June 26, 2012 5:19 AM
    Moderator
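    As an added example (not from the thread or from Microsoft), the SAN request Aiden describes, done with certreq against an Enterprise CA and checked before the certificate is copied to the farm; the host names, CA config string, template name and PFX password are constructed placeholders, and the template is assumed to allow the subject to be supplied in the request.

```powershell
# Added example, not from the thread: request one SAN certificate from an
# Enterprise CA with certreq, check its SAN, then export it for the rest of the farm.
# Host names, CA config string, template and password are constructed placeholders.
$FarmName    = 'rdsfarm.corp.example.com'                    # name users connect to (RDweb / farm)
$Broker      = 'rdcb1.corp.example.com'
$Hosts       = 'rdsh1.corp.example.com', 'rdsh2.corp.example.com', 'rdsh3.corp.example.com'
$CaConfig    = 'ca01.corp.example.com\Corp-Issuing-CA'       # see the Config line of: certutil -dump
$Template    = 'WebServer'                                    # must allow "Supply in the request"
$PfxPassword = 'ChangeMe-Placeholder'                         # placeholder; use a real secret
$AllNames = @($FarmName, $Broker) + $Hosts
$SanLines = $AllNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }

@"
[NewRequest]
Subject = "CN=$FarmName"
KeyLength = 2048
Exportable = TRUE      ; required so the same key can be moved to the other servers
MachineKeySet = TRUE
KeySpec = 1
KeyUsage = 0xA0
HashAlgorithm = SHA256
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1   ; Server Authentication

[Extensions]
2.5.29.17 = "{text}"
$($SanLines -join "`r`n")

[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path .\rdsfarm.inf -Encoding ASCII

certreq -new .\rdsfarm.inf .\rdsfarm.req
certreq -submit -config $CaConfig .\rdsfarm.req .\rdsfarm.cer
certreq -accept .\rdsfarm.cer          # binds the issued cert to its private key in LocalMachine\My

# Confirm every farm name is really in the SAN before deploying the certificate.
$Cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=$FarmName" } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
$San  = ($Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }).Format($true)
foreach ($n in $AllNames) {
    if ($San -notmatch [regex]::Escape($n)) { Write-Warning "SAN is missing $n" }
}

# Export with the private key; on each other server run:  certutil -p <password> -importPFX .\rdsfarm.pfx
certutil -p $PfxPassword -exportPFX my $Cert.Thumbprint .\rdsfarm.pfx
```

    Once the PFX is imported on every session host and the broker, select that certificate in RemoteApp Manager and Remote Desktop Connection Manager as described in the two steps above.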

All replies

  • What do you enter in the Subject Name for the Common Name?

    Hibs Ya Bass!

    Tuesday, June 26, 2012 5:31 AM
  • Hi,

    You can use a wildcard in the subject name, such as *.domain.com.

    Accepted wildcards used by server certificates for server authentication

    http://support.microsoft.com/kb/258858

    Best Regards,

    Aiden


    Aiden Cao

    TechNet Community Support

    Tuesday, June 26, 2012 5:39 AM
    Moderator
  • Many thanks.

    Hibs Ya Bass!

    Tuesday, June 26, 2012 10:27 PM