When configuring an RDWA farm, Connection Broker HA or Gateway services, it is recommended that you use a SAN or wildcard certificate.
SAN (Subject Alternative Name) certificates let you list alternative names on one certificate, so the same certificate resolves correctly for both internal and external connections.
See http://www.cacert.org for free certificates. I would recommend purchasing certificates for production environments.
Open MMC > Add Snap-in > select Local Computer certificates.
Right-click > All Tasks > Advanced Operations > Create Custom Request.
Ensure that you select Proceed without enrollment policy.
Select the Legacy key template and the PKCS #10 request format.
Configure the properties.
Enter a friendly name for the certificate and a description.
Creating the Subject Name of the SAN Certificate
To create the SAN certificate, enter the following fields into the subject name:
CN=remotedesktop.example.com
OU=example company
O=IT
POBox=
STREET=downing street
STREET=
STREET=
L=
S=
PostalCode=
C=
Email=
Phone=
Add Server Authentication to the selected options.
Select a key size of 4096 and a key type of Exchange.
Click Next after configuring the certificate.
Save the request file to a location of your choice.
You can check your CSR using the following tool: https://secure.comodo.net/utilities/decodeCSR.html
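The same request can be scripted with certreq and then decoded locally with certutil to confirm that every alternative name is actually in the CSR before it goes to a CA. This is an added example, not part of the original post; the extra host names, the file paths and the English-locale `DNS Name=` output of certutil are assumptions, and it must be run from an elevated prompt because the key is created in the machine store.

```powershell
# Added example: host names and file paths are placeholders (assumptions).
$sanNames = @('remotedesktop.example.com', 'gateway.example.com', 'broker.example.com')
$infPath  = Join-Path $env:TEMP 'rds-san.inf'
$csrPath  = Join-Path $env:TEMP 'rds-san.csr'

# One _continue_ line per alternative name, each terminated with '&'.
$sanLines = $sanNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }

# KeySpec 1 = exchange key, ProviderType 12 = legacy SChannel CSP,
# OID 1.3.6.1.5.5.7.3.1 = Server Authentication, 2.5.29.17 = SAN extension.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$($sanNames[0]), OU=example company, O=IT"
FriendlyName = "RDS SAN certificate"
KeyLength = 4096
KeySpec = 1
MachineKeySet = TRUE
RequestType = PKCS10
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
$($sanLines -join "`r`n")
"@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Generate the key pair and the PKCS #10 request.
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the request locally and collect the DNS names it actually carries.
$dump  = certutil.exe -dump $csrPath
$found = $dump | Select-String -Pattern 'DNS Name=(\S+)' |
    ForEach-Object { $_.Matches[0].Groups[1].Value }

# Fail loudly if any requested name did not make it into the CSR.
$missing = $sanNames | Where-Object { $_ -notin $found }
if ($missing) { throw "CSR is missing SAN entries: $($missing -join ', ')" }
"CSR $csrPath contains all $($sanNames.Count) SAN entries"
```

Decoding the request on the server keeps the CSR contents off third-party sites, and the same `certutil -dump` check can be repeated on the issued certificate to confirm the CA kept every name.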
Hi,
I created a CSR using this method; now how do I create a .cer or .pfx using this CSR?
I tried on DigiCert; it's giving an error of key size not compatible with 2048. I also regenerated the CSR for 2048 but still no luck.
Regards
Tahir
Try using a 4096 Key size.
Best Regards
I am having a problem with my cert once it is created. It does not seem to be holding the SAN values fully. It seems to only hold the first Alternative Name.
Setup of SAN

Details of Cert

What is needed to get all the Alternative Names included in the Cert?
Hi, not quite sure what’s going on with this one.
Can you send me the CSR request so I can have a look? Alternatively, you can use Comodo's CSR checker or DigiCert's: https://www.digicert.com/util/
Best regards,
Hi Ryan,
Thanks for your very helpful blog!
I want to create a certification request for my 2 RDS 2012 R2 Gateways. Is your method described here the same for RDS Gateways?
Thanks and best regards,
Cihan
And one thing I forgot: can I use one certificate for both Web Access and Gateway servers?
Hi,
Yes, it's the same process.
Best regards,
Thanks Ryan! For those having issues with the key size or any other values not being correct with 2012 R2, just make sure that you hit Apply when moving between the tabs. I noticed otherwise the values revert.