Install updated GoDaddy Certificate for RDC on 2012r2

Question
Hi,
I have a certificate that was installed by the company that installed the server. It's about to expire. I have a new one and got it installed on the machine so it's now listed along with the old one in certlm under Certificates - Local Computer > Remote Desktop > Certificates.
When I go to Server Manager > Overview > Tasks > Edit Deployment Properties > Certificates, then Get Details it looks like it's using the old one as it has the sooner expiration date.
How do I tell Remote Desktop to use the new certificate?
When I click Select Existing Certificate it gives me a couple choices, both with a password. What password is this? Is it provided by GoDaddy? I remember downloading the certificate but don't think I ever got prompted for a password.
Also, it's looking for a "pfx" but GoDaddy gave me a "cert". Do I need to start again or is there a way to convert one kind to another?
Thanks,
Jeff
Tuesday, May 9, 2017 11:12 AM
Answers
Victory!
Here’s what happened:
Windows didn’t like that the GoDaddy auto-renewal was using the same private key. I generated a new certificate request for the FQDN, and I did it in IIS Manager, not in Certlm.
I submitted the CSR it generated (2048bit) and got a new certificate issued. I downloaded the IIS one, then imported it into Certificates - Local Computer > Personal in certlm. I could then export it by itself to a pfx file (I did export the private key, did not delete the private key, and did export all extended properties).
This made a pfx file I could set as the certificate for each item in the Remote Desktop > Deployment Properties > Certificates window of Server Manager. Note that I had to “Select Existing Certificate”, select the pfx from the file path and enter the password, and clicked Apply four separate times.
Thanks,
Jeff
Ps - every time I need to renew or generate certificates my gut tightens. I really hope some day soon they come to a consensus on file types, extensions, etc, so all that’s required is “new Cert - wait for Bit size - submit request - get certificate - Apply.” Without all this jumping between snap-ins, plug-ins, import/export garbage. I really don’t like having to dedicate most of a day to something that should really take about 20 minutes tops, including giving an Authority my CC #.
Tuesday, May 9, 2017 6:26 PM
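The export and apply steps from the answer above can also be scripted with the PKI and RemoteDesktop PowerShell modules. This is an added example, not part of the original thread: the thumbprint, Connection Broker name and file path are placeholders, and treating the four Apply clicks as the four deployment roles is an assumption.

```powershell
# Added example. Run elevated on the RD Connection Broker.
Import-Module RemoteDesktop

$Thumbprint = '<THUMBPRINT-OF-NEW-CERT>'   # placeholder: new cert in Local Computer > Personal
$Broker     = 'rdcb.example.com'           # placeholder: Connection Broker FQDN
$PfxPath    = 'C:\Temp\rds-new.pfx'        # placeholder: temporary export location
$PfxPass    = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'

$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint"

# The PFX must carry the private key; a certificate imported without one
# cannot be exported as a usable PFX.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key on this machine."
}

# If the certificate restricts its usage, Server Authentication must be listed.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
if ($cert.EnhancedKeyUsageList -and
    ($cert.EnhancedKeyUsageList.ObjectId -notcontains $serverAuthOid)) {
    throw "Certificate $Thumbprint is not valid for Server Authentication."
}

if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $Thumbprint expired on $($cert.NotAfter)."
}

# Export the certificate by itself, with its private key, as in the answer.
Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $PfxPass `
    -ChainOption EndEntityCertOnly | Out-Null

# One Set-RDCertificate call per role, matching the four entries in
# Deployment Properties > Certificates.
foreach ($role in 'RDRedirector', 'RDPublishing', 'RDWebAccess', 'RDGateway') {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $PfxPass `
        -ConnectionBroker $Broker -Force
}

# Confirm which certificate each role now reports.
Get-RDCertificate -ConnectionBroker $Broker

# The PFX contains the private key; do not leave it on disk.
Remove-Item -Path $PfxPath
```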
All replies
OK, I was able to figure out how to make an SPX certificate: go into certlm, select both the certificate I got from GoDaddy AND the Certificate Authority Certificate (I assume basically, everything you can find that's in the Certificate Path tab of my certificate).
Now, when I try to add it to my remote Desktop Deployment, I get the message "the specified certificate is not valid. The certificate properties must match the requirements of the role service."
What Role Service and what box did I forget to check when exporting this thing?
Thanks,
Jeff
Tuesday, May 9, 2017 11:51 AM -
Hi,
Glad to hear that the issue is resolved, thank you for sharing the solution with forum community members!
Please remember to mark the solution as answer so that it'd be more efficient for others to find helpful information.
Best Regards,
Amy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Wednesday, May 10, 2017 2:19 AM