Problem Installing a SSL Certificate on a RD Server

  • Question

  • I'm trying to install a 3rd party SSL Certificate (GoDaddy) on my RD Session Host server (2008 R2).  I generated the request through IIS, received the cert from GoDaddy and imported it into [Certificates(Local Computer)\Personal\Certificates].  I then went to RD Session Host Configuration, and RDP-Tcp, and chose to select certificate... however, I'm not given a choice... instead I receive a dialogue box saying "There are no certificates installed on this Remote Desktop Session Host server".  Any ideas why I cannot choose the cert?  Did I request the cert improperly?  I'm stuck here...  thanks in advance for any tips!

    Scott

     

    Friday, November 19, 2010 7:34 PM

All replies

  • Hi Scott,

    The basic requirements for Remote Desktop Services Certificates are:

    1. The certificate is installed into computer’s “Personal” certificate store.
    2. The certificate has a corresponding private key.
    3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well.

    Did you already check these?

    Kind regards,
    Freek Berson
    http://microsoftplatform.blogspot.com/

    Friday, November 19, 2010 8:10 PM
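
The three requirements in the post above can be checked for every certificate in the computer's Personal store at once. This is an added example, not part of the original thread; the function name `Test-RdsCertificate` is hypothetical, and the Server Authentication OID (1.3.6.1.5.5.7.3.1) is the standard value, not one quoted in the post.

```powershell
# Added example: evaluate each certificate in LocalMachine\My against the
# three requirements listed above. Run from an elevated PowerShell prompt.
$serverAuth = '1.3.6.1.5.5.7.3.1'        # Server Authentication (standard OID)
$rdpAuth    = '1.3.6.1.4.1.311.54.1.2'   # Remote Desktop Authentication (from the post)

function Test-RdsCertificate {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Requirement 3: either no EKU extension at all, or an EKU extension
    # that lists one of the two accepted usages.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $oids  = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $ekuOk = ($oids -contains $serverAuth) -or ($oids -contains $rdpAuth)
    } else {
        $oids  = @()
        $ekuOk = $true
    }

    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        # Requirement 2: false here is the situation described in this thread
        # (certificate imported without the key that was generated with the CSR).
        HasPrivateKey = $Cert.HasPrivateKey
        EkuOids       = ($oids -join ', ')
        EkuOk         = $ekuOk
        Selectable    = ($Cert.HasPrivateKey -and $ekuOk)
    }
}

# Requirement 1 is covered by reading the computer's Personal store directly.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-RdsCertificate $_ } |
    Select-Object Subject, Thumbprint, HasPrivateKey, EkuOids, EkuOk, Selectable |
    Format-List
```

A certificate that shows `HasPrivateKey : False` fails the second requirement regardless of its EKU values.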
  • Thanks for the quick reply.  Yes, the cert was imported into the computers personal cert store. Being new to SSL Certs...I have a probably obvious question:  How do I know if the certificate has a corresponding private key?

    Friday, November 19, 2010 8:33 PM
  • When you open the MMC, add the certificate management snap-in and view the properties of the certificate; it should state there whether or not it contains the private key.

    Kind regards,
    Freek Berson
    http://microsoftplatform.blogspot.com/

    Friday, November 19, 2010 8:38 PM
  • It does NOT have an associated private key.  Did I request the wrong type of certificate from GoDaddy?  Server Authentication is listed...
    Friday, November 19, 2010 8:42 PM
  • It looks like you have the correct certificate but perhaps didn't import it the correct way. Did you create the Certificate Request on the same machine as you imported it? Otherwise you don't have the private key. If not, then import the certificate on the same machine where you created the CR and then export the certificate and make sure you select to export the private key as well and then import it on the RDS. If you followed the import steps correctly I suggest you contact GoDaddy to make sure they delivered a valid certificate.

    Kind regards,
    Freek Berson
    http://microsoftplatform.blogspot.com/

    • Proposed as answer by HackedOffAdmin Saturday, November 20, 2010 11:35 AM
    • Marked as answer by skot999 Saturday, November 20, 2010 11:56 PM
    Friday, November 19, 2010 8:47 PM
  • The certificate you get from GoDaddy will not have your private key in it. As Freek Berson stated, you need to complete the certificate request process on your IIS machine and then export the certificate as a *.p12 or *.pfx type file (i.e. it contains the private key as well). Once you have successfully imported it you then need to give the service account that Remote Desktop runs under (usually NETWORK SERVICE) permissions to the private key by right clicking and selecting manage private key.

    • Proposed as answer by Steve365Tech Thursday, May 10, 2018 8:09 PM
    Saturday, November 20, 2010 11:35 AM
  • Thanks Freek - that worked perfectly.

    Saturday, November 20, 2010 11:56 PM
  • HackedOffAdmin-

    Could you give me more details on how to give the service account that Remote Desktop runs under permissions to the private key.. where\how do I do this? 

    Thanks,

    Kevin

    Friday, January 24, 2014 10:08 AM
  • Open MMC with administrator permission and add the certificate snap-in (for the Local Computer). Import your private key (e.g. from the pfx file) into the "Personal" certificate store. Once you have your certificate imported you can right-click it and select All Tasks\Manage Private key. The account only needs read access.

    BTW. this thread is over 3 years old!

    Friday, January 24, 2014 1:57 PM
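
The same read-only grant can be made from PowerShell instead of the MMC dialog. This is an added example, not part of the original thread; it assumes the key is a legacy CSP (CAPI) machine key stored under `%ProgramData%\Microsoft\Crypto\RSA\MachineKeys`, an English-language account name, and a placeholder thumbprint you replace with your own.

```powershell
# Added example: grant NETWORK SERVICE read access to a certificate's private
# key file. Run elevated. Assumes a CSP (CAPI) machine key; for other key
# types use the MMC steps described above.
$thumbprint = '<CERT-THUMBPRINT>'             # placeholder, not from the thread
$account    = 'NT AUTHORITY\NETWORK SERVICE'  # account name on English systems

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert)               { throw "Certificate not found in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key; re-import from the .pfx." }

$rsa = $cert.PrivateKey
if ($rsa -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
    throw "Not a CSP key; set permissions through the MMC snap-in instead."
}

# Machine keys are files named after the unique key container.
$keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
$keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"

$read = [System.Security.AccessControl.FileSystemRights]::Read
$acl  = Get-Acl -Path $keyFile

# Only add a rule if the account does not already have an Allow/Read entry.
$existing = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

if ($existing) {
    Write-Output "$account already has read access to $keyFile"
} else {
    # Read only, matching the advice above that the account needs nothing more.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Output "Granted read access on $keyFile to $account"
}
```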
  • yeah, but I find myself in the same boat.. hope this works.  Thanks for the reply.

    Friday, January 24, 2014 4:40 PM