RDS 2012 - Certificate Setup

Question
Hi experts!
Servername / Roles:
RDGW1.domain.local: WebAccess, Gateway, Licensing, Broker
RDSH01.domain.local: Session Host
RDS02.domain.local: Session Host
External URL to WebAccess Server: remote.domain.com
Ok, so far so good.
Now we want to secure this setup with third-party SSL certificates.
I have Binged my ass off, but can't really find any good answers.
How/where do I create certificate requests for my RDS servers?
Is it only on RDGW1.domain.local I do a request for remote.domain.com, or must it be a wildcard or SAN cert deployed to all three servers?
Any hints would be appreciated, thanks!
MrSWE
Wednesday, January 16, 2013 11:52 PM
Answers
Yes. Click the server home page in IIS, double-click Server Certificates in the middle section, and then you can see Create Certificate Request in the right section.
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
- Marked as answer by port443 Thursday, January 24, 2013 6:45 PM
Thursday, January 24, 2013 7:02 AM
All replies
> How/where do I create certificate requests for my RDS servers?
> Is it only on RDGW1.domain.local I do a request for remote.domain.com, or must it be a wildcard or SAN cert deployed to all three servers?
You only need to configure your SSL cert in the Deployment Properties dialog box on the RDCB server. You need to use the cert for SSO, Publishing, RDWA and RDG. You can buy third-party SSL certificates for them respectively. For SSO and Publishing, you can use a wildcard cert with *.domain.local in the subject line. For RDWA and RDG, you need to use *.domain.com in the subject line.
Regards,
Clarence
TechNet Subscriber Support
- Edited by Clarence Zhang Friday, January 18, 2013 6:37 AM
Friday, January 18, 2013 6:37 AM -
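The two answers above cover the procedure in pieces: the CSR is generated outside the RDS deployment properties (the accepted answer points at IIS), and the issued certificate is then assigned per role from the Connection Broker. The following PowerShell is an added example, not code posted in this thread; it does the same two steps with certreq and the RemoteDesktop module, and assumes the thread's names (remote.domain.com, RDGW1.domain.local), placeholder paths under C:\certs, and that one public-name certificate is acceptable on all four roles (the later replies discuss the internal .local name separately).

```powershell
# Added example (not from the thread). Run on the Connection Broker (RDGW1 here).
$ExternalName = 'remote.domain.com'          # public name clients connect to
$Broker       = 'RDGW1.domain.local'         # RDCB holding the deployment
$Inf          = 'C:\certs\rds.inf'           # placeholder paths
$Csr          = 'C:\certs\rds.req'
$Pfx          = 'C:\certs\rds.pfx'

# 1. certreq template: 2048-bit RSA, exportable so the same key can be pushed to
#    each role, server-auth EKU, and a SAN extension (OID 2.5.29.17) carrying the
#    public name. Add further "dns=...&" entries to _continue_ for more names.
@"
[NewRequest]
Subject = "CN=$ExternalName"
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
KeySpec = 1
KeyUsage = 0xA0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$ExternalName&"
"@ | Set-Content -Path $Inf -Encoding Ascii

# 2. Generate the CSR. Submit $Csr to the public CA; when the signed .cer comes back,
#    bind it to the pending private key with: certreq.exe -accept C:\certs\issued.cer
certreq.exe -new $Inf $Csr

# 3. Set-RDCertificate needs a .pfx, so export the completed cert with its private key
#    and assign it to all four RDS certificate roles in one pass.
$Pwd  = Read-Host -AsSecureString -Prompt 'PFX password'
$Cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$ExternalName" -and $_.HasPrivateKey } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
Export-PfxCertificate -Cert $Cert -FilePath $Pfx -Password $Pwd | Out-Null
Import-Module RemoteDesktop
foreach ($Role in 'RDGateway', 'RDWebAccess', 'RDRedirector', 'RDPublishing') {
    Set-RDCertificate -Role $Role -ImportPath $Pfx -Password $Pwd -ConnectionBroker $Broker -Force
}

# 4. Verify: each role should report Level 'Trusted' once the CA chain is present.
Get-RDCertificate -ConnectionBroker $Broker | Format-Table Role, Subject, Level, ExpiresOn
```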
Thank you for your answer Clarence.
In Deployment Properties | Certificates on the server RDGW1.domain.local (WebAccess, Gateway, Licensing, Broker), I can choose New Certificate and Existing Certificate.
When I create a certificate, it creates a self-signed .pfx cert. If I select Existing Certificate, I can select an existing cert...
But I can't find how to do the certificate request to send to a third-party CA. I'm missing something...
MrSWE
- Edited by port443 Friday, January 18, 2013 9:59 AM
Friday, January 18, 2013 9:58 AM -
Sorry for bumping this thread.
Where/how do I create certificate requests to send to third-party CAs in an RDS 2012 environment?
I really can't find how to do it in RDS Deployment Properties or in PS. Is it in IIS?
- Edited by port443 Tuesday, January 22, 2013 10:22 AM
Tuesday, January 22, 2013 10:21 AM -
Hi Clarence ,
I am confused here. What I understand from your post is that the following certificates should apply:
RD GW = *.domain.com, RD WebA = *.domain.com, SSO = *.domain.local, Pub = *.domain.local.
I had a wildcard SSL/SAN (*.domain.com) certificate which I already applied on all roles of RDS, which I think is the reason that SSO is not working.
Please guide me on how I can create *.domain.local certificates.
Regards
TShabbir
Tuesday, February 12, 2013 10:35 PM -
Hi
I know this is an old thread but thought it was worth a go. I have the same setup, i.e. my external users access RDS through a valid public FQDN remote.domain.com. However, my internal domain is domain.local. There has been a suggestion to buy a certificate with the relevant SANs for my internal server domains. However, public CAs are soon to discontinue issuing certificates for .local domains. What would you suggest I do? Is there another way around this problem?
Tuesday, June 25, 2013 8:41 PM -
I read a lot of the step-by-step guides that talk about wildcard certs. There is a simpler and less costly way, as wildcard certs tend to be expensive. The issue I faced (as others have) is that my server FQDN had a “.local”. When the RDP file was generated by the Gateway/RDWEB sign-on process, it put that in the “computer name” field of the .rdp file.
The fix (generic):
- My RDGW is set to remote.acmebird.com
- My RDWA is set to remote.acmebird.local
- My SSL certificate is installed on RD Connection Broker Single Sign-On, RD Connection Broker Publisher, RD Web Access, and RD Gateway
- My default web page in IIS/RDWEB (DefaultTSGateway) is remote.acmebird.com
Set-RDSessionCollectionConfiguration -CollectionName QuickSessionCollection -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.csbs.org"
But if there are spaces in your Collection Name, see this example:
Set-RDSessionCollectionConfiguration -CollectionName "<your Session Collection Name>" -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:<your public FQDN>"
Example:
Set-RDSessionCollectionConfiguration -CollectionName "Acmebird Co. Desktops" -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.acmebird.com"
Notes:
I only have an SSL cert for the public server name (remote.acmebird.com in my example)
See: http://blog.concurrency.com/infrastructure/remote-desktop-services/remote-desktop-cant-find-the-computer-through-rdweb-and-gateway/
BUT Note! Leave radcmserver set to remote.acmebird.local (in my example)
Hope this helps!
Nick
Monday, October 14, 2013 1:47 PM