locked
Renewing Certificate in Server 2012 RRS feed

  • Question

  • Hi,

    I have a certificate installed on our Remote Desktop Server. I didn't set it up initially, so maybe it's not set up right and that's why I'm having trouble, but it's been working, so if something is wrong it doesn't seem to affect things .. until now.

    My Godaddy certificate is set to expire in about a week and a half. This isn't for iis, we just run RD from this machine.  In MMC Console Root>Certificates (Local Computer)>Personal>Certificates I see this two things set to expire on the same day:

    One issued by Godaddy Secure Certificate Authority - G2 to rd.domain.com

    One issued by  rd.domain.com to  rd.domain.com

    Both have an intended purpose of Client Authentication, Server Authentication. clients connect to rd by going to rd.domain.com in Microsoft Remote Desktop.

    The latter certificate(issued from and to rd.domain.com) is also listed under intermediate certification authorities > Certificates.

    Under remote desktop > Certificates and Personal > certificates, what looks like a self-signed certificate exists for this machine, using a "remotedesktopservername.domaincontrollername.local" in the issued from/to columns.  Not  sure what that's all about.

    I renewed on the godaddy website and downloaded the new certificates.

    I have tried importing the crt and the gd-bundle-g2-g1, as well as the intermediate p7b file.

    In every case, the import wizard says it imported successfully, but the expiration date does not change.  Will it update automatically when the old one expires and is just invisible until then?  Or is windows wrong and it's not successfully importing them?  If the latter, how do I renew the certificate?

    Thanks much!

    Jeff

    Thursday, May 12, 2016 4:42 PM

Answers

  • How are you importing the CRT back from Godaddy? I recommend you go into certlm.msc and right click the folder you want to import it to. If you are just double clicking the file and importing, it will add it to your personal certificate store rather than the computer's.

    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com

    Thursday, May 12, 2016 7:41 PM

All replies

  • How are you importing the CRT back from Godaddy? I recommend you go into certlm.msc and right click the folder you want to import it to. If you are just double clicking the file and importing, it will add it to your personal certificate store rather than the computer's.

    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com

    Thursday, May 12, 2016 7:41 PM
  • That's what I've been trying.  It says it imported, no error or anything. But the old certificate with the original expiration date is still there.  No new one appears in the list (even on refresh).

    Thanks,

    Jeff

    Wednesday, May 18, 2016 3:34 PM