Install SSL certificate Remote Desktop Services 2019

How to install an SSL Certificate on Remote Desktop Services?

This step by step guide will show you how to install an SSL Certificate on Remote Desktop Services [RDS]. You will also learn a few interesting facts about RDS, and discover the best place to shop for any type of SSL Certificates. If you still haven’t generated your CSR [Certificate Signing Request] and passed the SSL authentication, refer to the CSR Generation tutorials in the first part of this guide.

3 Replies

MI50 Mar 16, 2020 at 13:43 UTC

Try this

//www.thesslstore.com/knowledgebase/ssl-install/how-to-install-an-ssl-certificate-on-a-remote-...

1

CommodoreP1979 Mar 16, 2020 at 14:17 UTC

Thanks.

I have followed this, but seem to be missing something for steps 4,5,6.

4. In the Properties box, click SSL Certificate, then select Import a certificate on the RD Gateway Certificates [local computer]/personal store

5. Click Browse and Import Certificate, choose the certificate and click Open

6. Enter the Private Key Password

So it is showing two certificates when I click on 5 for:

SERVERNAME.domainname.co.uk
SERVERNAME.DOMAINNAME.CO.UK

It looks like these are the ones I created [the private key?] using this video: //youtu.be/30JnI06Pj74

At the start it mentions I need:

Your server certificate

and

Your intermediate certificates

Which I have that were sent to me in a ZIP file, but the article makes no mention of where to put these and where they go?

Should I be placing these somewhere, or does the private key I am using somehow link to these?

0

MI50 Mar 17, 2020 at 14:59 UTC

Your private key

This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

Read the link I gave you and see if it further explains what you're asking.

0
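An added example (not part of the thread or the linked article) for the question above about where the CA's files go and how the private key ties in. It places the intermediates in the local computer's Intermediate Certification Authorities store, completes the pending request so the issued certificate is paired with the key created alongside the CSR, and then lists the same-named entries in the Personal store so they can be told apart. The file paths and `$hostName` are placeholders.

```powershell
# Added example. File paths and $hostName are placeholders, not values from the thread.
$hostName          = 'SERVERNAME.domainname.co.uk'
$serverCertFile    = 'C:\Certs\server.crt'
$intermediateFiles = 'C:\Certs\intermediate1.crt', 'C:\Certs\intermediate2.crt'

# 1. Intermediates go in "Intermediate Certification Authorities" (LocalMachine\CA)
#    so the server can present the full chain to connecting clients.
foreach ($file in $intermediateFiles) {
    Import-Certificate -FilePath $file -CertStoreLocation Cert:\LocalMachine\CA | Out-Null
}

# 2. Accepting the issued certificate completes the pending request and pairs it
#    with the private key that was created on this server together with the CSR.
certreq.exe -accept -machine $serverCertFile

# 3. Several Personal-store entries can carry the same name. Compare issuer,
#    expiry, private-key presence and chain validity to tell them apart.
$report = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $hostName -or
                   $_.Subject -match [regex]::Escape($hostName) } |
    ForEach-Object {
        [pscustomobject]@{
            Thumbprint    = $_.Thumbprint
            Issuer        = $_.Issuer
            NotAfter      = $_.NotAfter
            HasPrivateKey = $_.HasPrivateKey
            SelfSigned    = ($_.Subject -eq $_.Issuer)
            ChainValid    = Test-Certificate -Cert $_ -Policy SSL -DNSName $hostName `
                                -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
        }
    }
$report | Format-Table -AutoSize

# The entry to select in the RD Gateway properties is the CA-issued one that
# has its private key and chains to a trusted root.
$report | Where-Object { $_.HasPrivateKey -and -not $_.SelfSigned -and $_.ChainValid }
```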


Deploy your Remote Desktop environment

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016

Use the following steps to deploy the Remote Desktop servers in your environment. You can install the server roles on physical machines or virtual machines, depending on whether you are creating an on-premises, cloud-based, or hybrid environment.

If you are using virtual machines for any of the Remote Desktop Services servers, make sure you have prepared those virtual machines.

  1. Add all the servers you're going to use for Remote Desktop Services to Server Manager:

    1. In Server Manager, click Manage > Add Servers.
    2. Click Find Now.
    3. Click each server in the deployment [for example, Contoso-Cb1, Contoso-WebGw1, and Contoso-Sh2] and click OK.
  2. Create a session-based deployment to deploy the Remote Desktop Services components:

    1. In Server Manager, click Manage > Add Roles and Features.
    2. Click Remote Desktop Services installation, Standard Deployment, and Session-based desktop deployment.
    3. Select the appropriate servers for the RD Connection Broker server, RD Web Access server, and RD Session Host server [for example, Contoso-Cb1, Contoso-WebGw1, and Contoso-SH1, respectively].
    4. Select Restart the destination server automatically if required, and then click Deploy.
    5. Wait for the deployment to complete successfully.
  3. Add RD License Server:

    1. In Server Manager, click Remote Desktop Services > Overview > +RD Licensing.
    2. Select the virtual machine where the RD license server will be installed [for example, Contoso-Cb1].
    3. Click Next, and then click Add.
  4. Activate the RD License Server and add it to the License Servers group:

    1. In Server Manager, click Remote Desktop Services > Servers. Right-click the server with the Remote Desktop Licensing role installed and select RD Licensing Manager.
    2. In RD Licensing Manager, select the server, and then click Action > Activate Server.
    3. Accept the default values in the Activate Server Wizard. Continue accepting default values until you reach the Company information page. Then, enter your company information.
    4. Accept the defaults for the remaining pages until the final page. Clear Start Install Licenses Wizard now, and then click Finish.
    5. Click Action > Review Configuration > Add to Group > OK. Enter credentials for a user in the AAD DC Administrators group, and register as SCP. This step might not work if you are using Azure AD Domain Services, but you can ignore any warnings or errors.
  5. Add the RD Gateway server and certificate name:

    1. In Server Manager, click Remote Desktop Services > Overview > + RD Gateway.
    2. In the Add RD Gateway Servers wizard, select the virtual machine where you want to install the RD Gateway server [for example, Contoso-WebGw1].
    3. Enter the SSL certificate name for the RD Gateway server using the external fully qualified DNS Name [FQDN] of the RD Gateway server. In Azure, this is the DNS name label and uses the format servicename.location.cloudapp.azure.com. For example, contoso.westus.cloudapp.azure.com.
    4. Click Next, and then click Add.
  6. Create and install self-signed certificates for the RD Gateway and RD Connection Broker servers.

    Note

    If you are providing and installing certificates from a trusted certificate authority, perform the procedures from substep 8 to substep 11 for each role. You will need to have the .pfx file available for each of these certificates.

    1. In Server Manager, click Remote Desktop Services > Overview > Tasks > Edit Deployment Properties.
    2. Expand Certificates, and then scroll down to the table. Click RD Gateway > Create new certificate.
    3. Enter the certificate name, using the external FQDN of the RD Gateway server [for example, contoso.westus.cloudapp.azure.com] and then enter the password.
    4. Select Store this certificate and then browse to the shared folder you created for certificates in a previous step [for example, \\Contoso-Cb1\Certificates].
    5. Enter a file name for the certificate [for example, ContosoRdGwCert], and then click Save.
    6. Select Allow the certificate to be added to the Trusted Root Certificate Authorities certificate store on the destination computers, and then click OK.
    7. Click Apply, and then wait for the certificate to be successfully applied to the RD Gateway server.
    8. Click RD Web Access > Select existing certificate.
    9. Browse to the certificate created for the RD Gateway server [for example, ContosoRdGwCert], and then click Open.
    10. Enter the password for the certificate, select Allow the certificate to be added to the Trusted Root Certificate store on the destination computers, and then click OK.
    11. Click Apply, and then wait for the certificate to be successfully applied to the RD Web Access server.
    12. Repeat substeps 1-11 for the RD Connection Broker - Enable Single Sign On and RD Connection Broker - Publishing services, using the internal FQDN of the RD Connection Broker server for the new certificate's name [for example, Contoso-Cb1.Contoso.com].
  7. Export self-signed public certificates and copy them to a client computer. If you are using certificates from a trusted certificate authority, you can skip this step.

    1. Launch certlm.msc.
    2. Expand Personal, and then click Certificates.
    3. In the right-hand pane right-click the RD Connection Broker certificate intended for client authentication, for example Contoso-Cb1.Contoso.com.
    4. Click All Tasks > Export.
    5. Accept the default options in the Certificate Export Wizard until you reach the File to Export page.
    6. Browse to the shared folder you created for certificates, for example \\Contoso-Cb1\Certificates.
    7. Enter a File name, for example ContosoCbClientCert, and then click Save.
    8. Click Next, and then click Finish.
    9. Repeat substeps 1-8 for the RD Gateway and Web certificate, [for example contoso.westus.cloudapp.azure.com], giving the exported certificate an appropriate file name, for example ContosoWebGwClientCert.
    10. In File Explorer, navigate to the folder where the certificates are stored, for example \\Contoso-Cb1\Certificates.
    11. Select the two exported client certificates, then right-click them, and click Copy.
    12. Paste the certificates on the local client computer.
  8. Configure the RD Gateway and RD Licensing deployment properties:

    1. In Server Manager, click Remote Desktop Services > Overview > Tasks > Edit Deployment Properties.
    2. Expand RD Gateway and clear the Bypass RD Gateway server for local addresses option.
    3. Expand RD licensing and select Per User.
    4. Click OK.
  9. Create a session collection. These steps create a basic collection. Check out Create a Remote Desktop Services collection for desktops and apps to run for more information about collections.

    1. In Server Manager, click Remote Desktop Services > Collections > Tasks > Create Session Collection.
    2. Enter a collection Name [for example, ContosoDesktop].
    3. Select an RD Session Host Server [Contoso-Sh2], accept the default user groups [Contoso\Domain Users], and enter the Universal Naming Convention [UNC] Path to the user profile disks created above [\\Contoso-Cb1\UserDisks].
    4. Set a Maximum size, and then click Create.

You've now created a basic Remote Desktop Services infrastructure. If you need to create a highly-available deployment, you can add a connection broker cluster or a second RD Session Host server.
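The note in step 6 covers certificates supplied as .pfx files from a trusted certificate authority; the same per-role assignment can be scripted with the RemoteDesktop module's `Set-RDCertificate` and checked with `Get-RDCertificate`. This is an added example, not part of the article above: the .pfx file names are placeholders, and the broker name and share reuse the article's sample values.

```powershell
Import-Module RemoteDesktop

# Assumptions: broker FQDN and share are the article's sample names,
# the two .pfx file names are placeholders.
$broker    = 'Contoso-Cb1.Contoso.com'
$pfxByRole = [ordered]@{
    RDGateway    = '\\Contoso-Cb1\Certificates\gateway-external.pfx'  # external FQDN
    RDWebAccess  = '\\Contoso-Cb1\Certificates\gateway-external.pfx'
    RDRedirector = '\\Contoso-Cb1\Certificates\broker-internal.pfx'   # Enable Single Sign On
    RDPublishing = '\\Contoso-Cb1\Certificates\broker-internal.pfx'   # Publishing
}

# Prompt once per file so the password never lands in the script or history.
$passwords = @{}
foreach ($role in $pfxByRole.Keys) {
    $path = $pfxByRole[$role]
    if (-not $passwords.ContainsKey($path)) {
        $passwords[$path] = Read-Host -Prompt "Password for $path" -AsSecureString
    }
    Set-RDCertificate -Role $role -ImportPath $path -Password $passwords[$path] `
        -ConnectionBroker $broker -Force
}

# Verify what the deployment now reports for each role.
$status = Get-RDCertificate -ConnectionBroker $broker
$status | Format-Table Role, Level, Subject, ExpiresOn, Thumbprint -AutoSize

# Flag roles that are not trusted or that expire within 30 days.
$problems = $status | Where-Object {
    $_.Level -ne 'Trusted' -or $_.ExpiresOn -lt (Get-Date).AddDays(30)
}
if ($problems) {
    Write-Warning ("Roles needing attention: " + ($problems.Role -join ', '))
}
```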

How to replace RDP with purchased public certificate

Windows server 2016 How to replace RDP with purchased public certificate

CarlFan-MSFT answered May 3, '21

Hi,
If you have an SSL certificate and want to replace the self-signed certificate, please refer to the link below:
Replace RDP Default Self Sign Certificate
//aventistech.com/2019/08/08/replace-rdp-default-self-sign-certificate/
By default the local Remote Desktop Protocol will use the self-signed certificate…not one issued by an internal CA…even if it contains all the right information. If you want to use a certificate other than the default self-signed certificate that RDP creates, you must configure the RDP listener to use the custom certificate…just installing the cert isn’t enough.
//www.sbuechler.de/tipps-tricks/131-how-to-to-install-ssl-certificate-on-windows-server-2016
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl
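The answer above says the RDP listener must be pointed at the custom certificate; one way to do that is through the `Win32_TSGeneralSetting` WMI class. This is an added example, not taken from the answer or its links, and the thumbprint is a placeholder for a certificate already installed in the local computer's Personal store.

```powershell
# Placeholder: thumbprint of the CA-issued certificate in Cert:\LocalMachine\My.
$thumbprint = '<THUMBPRINT-OF-YOUR-CERTIFICATE>'

# Refuse to bind a certificate the listener could not use.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key on this machine."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $thumbprint expired on $($cert.NotAfter)."
}

# The RDP-Tcp listener stores the thumbprint of the certificate it presents.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
Write-Output "Listener certificate before: $($listener.SSLCertificateSHA1Hash)"

Set-CimInstance -InputObject $listener `
    -Property @{ SSLCertificateSHA1Hash = $cert.Thumbprint }

# Re-read the setting to confirm the change took effect.
$after = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
if ($after.SSLCertificateSHA1Hash -ne $cert.Thumbprint) {
    throw 'The RDP listener is still using a different certificate.'
}
Write-Output "Listener certificate after:  $($after.SSLCertificateSHA1Hash)"
```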

Generate a CSR Code for Remote Desktop Services

When applying for an SSL Certificate, you must generate a CSR code and submit it to the CA. The CSR includes contact details about your website or company. Depending on the version of your Remote Desktop Gateway Server, you can create the CSR in the same release of IIS. Microsoft IIS server comes pre-installed with every version of Windows.

For instance, if you use RDS 2016, you will generate your CSR in IIS 10 which is included in Windows Server 2016.

We’ve already written comprehensive guides on how to generate a CSR code on various IIS versions. Use the links below to find the relevant guide:

After you create your CSR and complete the SSL validation, the CA will send all the necessary certificate files to your inbox. You can now proceed to SSL installation.

RDP Certificate Template

1. On your Microsoft certificate authority server open the Certificate Templates console.

2. Expand the CA and right click on Certificate Templates, then select Manage.

3. Right click on the Computer template and select Duplicate.

4. Change the template display name to RemoteDesktopComputer [no spaces]. Verify the Template Name is exactly the same [no spaces]. You can use a different name if you want, but both fields must match exactly. Change the validity period to match your company policy.

5. Now we need to create an application policy to limit the usage to RDS authentication, then remove the other application uses for the certificate. On the Extensions tab click on Application Policies then click on Edit.

6. Click on Add, then click on New. Set the value of Name to Remote Desktop Authentication. Change the object identifier [OID] to 1.3.6.1.4.1.311.54.1.2.

7. From the Application Policies list, select Remote Desktop Authentication and click OK.

8. Back on the certificate template properties, remove all other entries. Only Remote Desktop Authentication should be present.

9. You probably want to secure your domain controllers as well, so for that we need to modify the security setting on the template. Open the Security tab and add the group Domain Controllers and give the group Enroll [not Autoenroll]. Close out the certificate.

10. Open the MMC snap-in for managing your Certificate Authority and locate the Certificate Templates node. Right click, select New, then Certificate Template to Issue. Choose the RemoteDesktopComputer template.
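Once machines have enrolled against the template, the result of steps 5 to 8 can be checked on each host by reading the Enhanced Key Usage extension of the issued certificate. This is an added example, not part of the original steps; it only assumes the certificates were enrolled into the local computer's Personal store.

```powershell
# OID assigned to "Remote Desktop Authentication" in step 6.
$rdAuthOid = '1.3.6.1.4.1.311.54.1.2'

function Get-EkuOid {
    # Returns the EKU OIDs of a certificate (nothing if it has no EKU extension).
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) { $eku.EnhancedKeyUsages | ForEach-Object { $_.Value } }
}

$audit = Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $oids = @(Get-EkuOid -Certificate $_)
    [pscustomobject]@{
        Subject       = $_.Subject
        Thumbprint    = $_.Thumbprint
        NotAfter      = $_.NotAfter
        HasPrivateKey = $_.HasPrivateKey
        HasRdAuthEku  = $oids -contains $rdAuthOid
        # Step 8 removes every other application policy, so a certificate from
        # this template should list exactly one EKU.
        OnlyRdAuthEku = ($oids.Count -eq 1 -and $oids[0] -eq $rdAuthOid)
        OtherEkus     = ($oids | Where-Object { $_ -ne $rdAuthOid }) -join ', '
    }
}

# Certificates issued from the template.
$audit | Where-Object HasRdAuthEku | Format-Table -AutoSize

# Certificates that carry the RDP EKU but were not restricted to it.
$audit | Where-Object { $_.HasRdAuthEku -and -not $_.OnlyRdAuthEku } |
    ForEach-Object { Write-Warning "$($_.Subject) also allows: $($_.OtherEkus)" }
```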

How to Install an SSL Certificate on a Remote Desktop Gateway server

The following instructions will guide you through the SSL installation process on a Remote Desktop Gateway server. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below.

A Complete Guide to Install SSL certificate on Remote Desktop Gateway Server

Remote Desktop Gateway server enables remote users to connect to resources on the internal or private network from any internet-connected device. RD Gateway tunnels RDP [Remote Desktop Protocol] over HTTPS to secure the connection between remote users and the internal network, so there is no need to configure a VPN. This short guide goes through the SSL installation process on an RD Gateway server.
