Mundy

IT Knowledge Base

User Tools

Site Tools


Sidebar

Contact me at dan@mundy.co for any feedback or suggestions.


My other sites:

Search all my sites:

ssl_certificates_for_remote_desktop_services

SSL Certificates for Remote Desktop Services

Recently, all public certificate providers are stopping issuing certificates with ‘.LOCAL’ in them

Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services | Ask the Performance Team Blog - also includes good info on wildcard / SAN certificate options




Install Certificate on Session Host

Source: RDS 2012 session host certificate assignment

Applies to: Server 2012 and 2012 R2 (confirmed on R2)

$pass = ConvertTo-SecureString "PasswordToThePFXFile" -AsPlainText -Force
$thumbprint = (Import-PfxCertificate -Password $pass -CertStoreLocation cert:\localMachine\my -FilePath 'C:\CalibreOne\cert\export.pfx').thumbprint
$path = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}

Installing certificate on the Gateway




Assuming you have a real (eg GoDaddy) certificate in PFX format (if it's already is mmc, right click in and export, along with private key),

There's several places where this needs to be imported into the RD Gateway

  1. In RD Gateway Manager, Right click the server, properties, SSL Certificate tab
  2. In the Deployment properties, select each role service, “Select existing certificate”, “Choose a different certificate”, browse to the PFX and enter the password. Do the same for each role service. Use the same certificate for all (suggest a wildcard eg *.mundy.co)
ssl_certificates_for_remote_desktop_services.txt · Last modified: 2018/04/09 09:56 (external edit)