RDS 2012 - No Wildcard Certificate

  • Question

  • Hi all,

    I will be using individual certificates per component so I will have a certificate for broker.domain.com, gateway.domain.com and webaccess@domain.com. These will be used from within the RDS console to deploy the certificates to the components.

    My question is, do I need to do anything else for the RDS Session Host servers (or will they use the certificates above)? Will I need a certificate per server and if so does it need to be in the format SessionHost1.domain.com?

    Thanks.

    Tuesday, October 7, 2014 7:26 AM


All replies

  • Hi,

    Thank you for posting in Windows Server Forum.

    As per my research, I can say that if you have fewer servers then you can follow the same certificate procedure and use that. But personally, if you have more servers, I suggest you purchase a wildcard certificate for your environment, because with a wildcard certificate you only need to purchase one certificate and can use it for your installed roles.

    Please check below article for more details.
    Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
    http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx

    Hope it helps!

    Thanks.

    Dharmesh Solanki

    TechNet Community Support

    Wednesday, October 8, 2014 6:45 AM
  • Thanks for getting back to me.

    I read that article and I'm clear on the requirements for the certificates for broker, webaccess and gateway.

    I was just looking for clarification on the requirements for each Session Host server in the farm. Do they need individual certificates and if so are they applied from the RDS management change or on the session host servers themselves?

    Thanks again.

    Wednesday, October 8, 2014 7:02 AM
  • Hi,

    If things are configured properly and the clients are at least RDP 8.0 capable or higher, then you do not need certificates for each RDSH server.

    It is okay to use multiple single-name certificates for the different purposes in your RDS deployment properties, however, a single wildcard for all purposes is preferred (from a performance standpoint) so that the client does not have to do a revocation check on multiple certificates.

    -TP

    Wednesday, October 8, 2014 2:48 PM
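
The per-role deployment discussed in this thread, scripted with the RemoteDesktop module's `Set-RDCertificate` and `Get-RDCertificate` cmdlets instead of the RDS console. This is an added example, not code from any of the posters. The host name, PFX paths, and the choice to use the broker certificate for both Connection Broker purposes are assumptions; no Session Host certificate is assigned, in line with the answer above.

```powershell
# Added example: host names, file paths and the role mapping are assumptions.
Import-Module RemoteDesktop

$broker = 'broker.domain.com'   # RD Connection Broker of the deployment (assumed)

# One single-name certificate per deployment role (constructed paths).
$certByRole = [ordered]@{
    RDRedirector = 'C:\certs\broker.pfx'      # Connection Broker: single sign-on
    RDPublishing = 'C:\certs\broker.pfx'      # Connection Broker: publishing
    RDWebAccess  = 'C:\certs\webaccess.pfx'
    RDGateway    = 'C:\certs\gateway.pfx'
}

foreach ($role in $certByRole.Keys) {
    $path = $certByRole[$role]
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping ${role}: $path not found"
        continue
    }
    # Prompt instead of hard-coding the PFX password in the script.
    $pfxPassword = Read-Host -AsSecureString -Prompt "Password for $path ($role)"
    Set-RDCertificate -Role $role -ImportPath $path -Password $pfxPassword `
        -ConnectionBroker $broker -Force
}

# Verify what each role now presents.
$deployed = Get-RDCertificate -ConnectionBroker $broker
$deployed | Select-Object Role, Level, Subject, ExpiresOn, Thumbprint |
    Format-Table -AutoSize

# Flag roles whose certificate is not trusted or expires within 30 days.
$soon = (Get-Date).AddDays(30)
$deployed |
    Where-Object { $_.Level -ne 'Trusted' -or ($_.ExpiresOn -and $_.ExpiresOn -lt $soon) } |
    ForEach-Object { Write-Warning "$($_.Role): level=$($_.Level), expires=$($_.ExpiresOn)" }
```
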
  • Hi Grif,

    Do you need any further assistance?

    Thanks


    Dharmesh Solanki

    TechNet Community Support

    • Marked as answer by Grif123 Thursday, October 9, 2014 7:02 AM
    Thursday, October 9, 2014 1:14 AM
  • That's exactly what I needed to clarify. Thanks a lot for that.
    Thursday, October 9, 2014 7:02 AM