Creating a SAN Certificate for Use With RDS 2012


When configuring an RDWA farm, Connection Broker HA or Gateway services, it is recommended that you use a SAN or wildcard certificate.

A SAN certificate carries several subject alternative names, so one certificate can match the different host names used for internal and external connections.

See http://www.cacert.org for free certificates. I would recommend purchasing certificates for production environments.

Open MMC > Add snap-in > select Local Computer certificates.

Right click > All Tasks > Advanced Operations > Create Custom Request

Ensure that you select "Proceed without enrollment policy".

Select the "(No template) Legacy key" template and the PKCS #10 request format.

Configure the properties.

Enter a friendly name and a description for the certificate.

Creating the Subject Name of the SAN Certificate

To create the SAN certificate, enter the following fields into the subject name.

CN=remotedesktop.example.com
OU=example company
O=IT
POBox=
STREET=downing street
STREET=
STREET=
L=
S=
PostalCode=
C=
Email=
Phone=

Add Server Authentication to the selected options.

Select a key size of 4096 and a key type of Exchange.

Click Next after configuring the certificate.

Save the request file to a location of your choice.

You can check your CSR using the following tool https://secure.comodo.net/utilities/decodeCSR.html
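
As an added example (not from the original post): the same request built from the command line with certreq.exe, followed by a local certutil.exe check that every alternative name made it into the CSR, so the request does not have to be pasted into an online decoder. The names rdgateway.example.com and rdbroker.example.com, the friendly name, the exportable setting and the file paths are assumptions for illustration.

```powershell
# Added example: scripted equivalent of the MMC request above, then a local SAN check.
# Assumptions: the two extra DNS names, the friendly name and the file names are constructed.
# Run elevated, because MachineKeySet places the key in the local computer store.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=remotedesktop.example.com, OU=example company, O=IT"
FriendlyName = "RDS SAN certificate"
RequestType = PKCS10
KeyLength = 4096
; KeySpec 1 = AT_KEYEXCHANGE, the "Exchange" key type; the provider below is a legacy CSP
KeySpec = 1
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
MachineKeySet = TRUE
; Assumption: exportable only because other RDS servers will need a .pfx copy
Exportable = TRUE

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
; 2.5.29.17 = Subject Alternative Name; every name, including the CN, is listed
2.5.29.17 = "{text}"
_continue_ = "dns=remotedesktop.example.com&"
_continue_ = "dns=rdgateway.example.com&"
_continue_ = "dns=rdbroker.example.com&"
'@

$infPath = Join-Path $env:TEMP 'rds-san.inf'
$csrPath = Join-Path $env:TEMP 'rds-san.csr'
Set-Content -Path $infPath -Value $inf -Encoding Ascii
Remove-Item $csrPath -ErrorAction SilentlyContinue
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the request locally and compare its DNS names with the expected list.
# Assumes English certutil output ("DNS Name=").
$expected = 'remotedesktop.example.com', 'rdgateway.example.com', 'rdbroker.example.com'
$found = certutil.exe -dump $csrPath | Select-String 'DNS Name=(\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value }
$missing = $expected | Where-Object { $_ -notin $found }
if ($missing) { throw "CSR is missing SAN entries: $($missing -join ', ')" }
"CSR carries all expected DNS names: $($found -join ', ')"
```

The same certutil check can be run against a request saved from the MMC wizard before it is submitted to a certificate authority.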

8 thoughts on “Creating a SAN Certificate for Use With RDS 2012”

  1. Hi,

    I created a CSR using this method; now how do I create a .cer or .pfx using this CSR?
    I tried on DigiCert; it's giving an error of key size not compatible with 2048. I also regenerated the CSR for 2048 but still no luck.

    Regards
    Tahir

  2. I am having a problem with my cert once it is created. It does not seem to be holding the SAN values fully. It seems to only hold the first alternative name.

    Setup of SAN

    Details of Cert

    What is needed to get all the Alternative Names included in the Cert?

  3. Hi Ryan,
    Thanks for your very helpful blog!
    I want to create a certification request for my 2 RDS 2012 R2 Gateways. Is your method described here the same for RDS Gateways?

    Thanks and best regards,
    Cihan
