Recently, I had to renew one of the remote desktop server farm SSL certificate. There are many instructions and videos for renewal of self-sign SSL for RDS gateway but there are only few places I was able to find anything for trusted SSL renewal.
In this blog I’ve used images from windowsserveressentials.com ( https://windowsserveressentials.com/2012/06/20/renew-your-ssl-certificate-sbs-2011-essentials/), because I really didn’t have chance to take snapshot of every step I did and cannot risk leaking any info on servers I worked on( if I forget to black out some parts 🙂 ). But basically cert renewal is the same and no difference initially with few important changes. Server I worked was 2016 Server.
****First, open IIS Manger and click on Server name.
****Then click on server certificate about to expire and right hand top corner click on create certificate request and this will bring up certificate request wizard. In this fields make sure to fill the name as exactly as current rds gateway name and choose bit length as 2048.
****Then save the cert request where ever you want. But I usually save to the root C:\Cert\2020. So I can keep track on old certs too. Just in case if I need old one I’ve it close by. This a text file with all the crypto info.
Then head to your favourite SSL provider and complete the cert renewal. My cert provider was Go daddy and usually godaddy auto renew SSL but cannot use this SSL due to the fact that it is missing private key info from the server. So basically click on cert and copy and past entire certreq.txt file info and request the SSL from Go daddy.
****Then Go daddy will do it things and send out email to whoever mange domain to confirm cert renew. In this case I had access to the email account who mange the domain. Once you go daddy issue cert go ahead and choose IIS as a cert and download to the server cer location. I choose C:\certs\2020.
****Then we gonna go to next step and open IIS Manger again and same place click on complete cert renewal. Then select the CA issues cer and name the cert complete the request which will install new SSL on IIS.
****After cert install SSL need to bind into port 443 in order to be active.
****So we are done with SSL for IIS, then need to assign cert for RD Gateway. Open TS Gateway Manager and right-click the local TS Gateway server, and then click Properties.
****On the SSL Certificate tab, click Select an import and it will show certificate just install in IIS and you can simply install it. After that Click OK to close the Properties dialog box for the TS Gateway server.
*****After this step you are done and RDS gateway will show with proper cert.
NetSideTech 