Hi Haijian Shan,
I completed the installation of the certificate in the RDP session by following these steps.
Part 1: Install RD Gateway Role Service
To set up the Remote Desktop Gateway (RD Gateway), the following steps were completed:
1. Open Server Manager:
The server was logged into and Server Manager was opened from the Start menu.
2. Add the Remote Desktop Services Role:
In Server Manager, the Roles section on the left was clicked. Then, Add Roles was selected.
3. Select the RD Gateway Role:
In the Add Roles Wizard, Remote Desktop Services was selected, followed by clicking Next. Under Select Role Services, Remote Desktop Gateway was checked, and Next was clicked.
4. Skip SSL Certificate Configuration for Now:
When prompted for an SSL certificate, Use SSL Certificate Later was chosen, or Self-signed certificate was selected temporarily if a custom certificate would be added later.
5. Review and Complete Installation:
After reviewing the configuration, Install was clicked to begin the installation. Once the process was completed, Close was clicked to finalize the installation.
Part 4: Prepare a Trusted .p12 Certificate
To use a custom certificate with the Remote Desktop Gateway, the .keystore certificate file was converted to a .p12 format.
1. Locate and Place the Keystore File:
The .keystore certificate file was copied to the following directory:
C:\Program Files\Java\bin
2. Convert the Keystore to .p12 Format:
The following keytool command was executed in Command Prompt, after navigating to the bin directory where the .keystore file is located:
cd C:\Program Files\Java\bin
The .keystore file was then converted to .p12 format.
3. Verify .p12 Certificate Generation:
The .p12 file was successfully created in the directory C:\Program Files\Java\bin.
Part 5: Install the Certificate Using MMC (Microsoft Management Console)
Once the .p12 certificate was generated, it was imported into the server's certificate store.
1. Open MMC:
The Microsoft Management Console (MMC) was opened by pressing Win + R, typing mmc, and pressing Enter.
2. Add Certificates Snap-in:
In MMC, File > Add/Remove Snap-in... was selected. In the Add or Remove Snap-ins window, Certificates was chosen and added, selecting Computer account and clicking Next and Finish.
3. Import the .p12 Certificate:
In MMC, the following steps were followed to import the .p12 certificate:
- Expanded Certificates (Local Computer) > Personal.
- Right-clicked Personal, selected All Tasks > Import to start the Certificate Import Wizard.
- In the wizard, the .p12 file was located, the password for the certificate was entered, and the certificate was imported into the Personal store.
Part 6: Assign the Certificate to Remote Desktop Services
After importing the certificate, it was bound to the Remote Desktop Services (RDS) for use with the RD Gateway.
1. Open Remote Desktop Session Host Configuration:
The Remote Desktop Session Host Configuration was opened by navigating to Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
2. Assign the Certificate:
In the Remote Desktop Session Host Configuration window, under Connections, RDP-Tcp was right-clicked, and Properties was selected. In the RDP-Tcp Properties window, the General tab was opened, and Select was clicked next to Certificate. The imported certificate was selected in the Select Certificate window and confirmed by clicking OK.
3. Apply Changes:
Changes were applied by clicking Apply in the RDP-Tcp Properties window.
4. Restart Remote Desktop Services:
Services was opened by pressing Win + R, typing services.msc, and pressing Enter. In the Services window, Remote Desktop Services was located, right-clicked, and Restart was selected. This ensured the new certificate was applied and used by Remote Desktop Services.
With these steps completed, the RD Gateway was successfully configured with a trusted SSL certificate.
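To confirm the outcome of Parts 5 and 6, the following read-only PowerShell check is an added example and not part of the original post. It assumes an elevated session on the RD server and reads the listener binding from the Win32_TSGeneralSetting WMI class; the variable names are illustrative.

```powershell
# Added example (not from the original post): read-only check of the
# certificate bound to the RDP-Tcp listener. Run in an elevated session.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

# Thumbprint currently assigned to RDP-Tcp (what Part 6 sets through the GUI)
$listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash

# The import in Part 5 targets Certificates (Local Computer) > Personal
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $bound }

if (-not $cert) {
    Write-Warning "RDP-Tcp thumbprint '$bound' is not in LocalMachine\My; the imported certificate is not the one in use."
} else {
    $eku = $cert.Extensions | Where-Object { $_ -is $ekuType }
    # No EKU extension means the certificate is not restricted to specific uses
    $serverAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }).Count -gt 0)

    New-Object PSObject -Property @{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        HasPrivateKey  = $cert.HasPrivateKey
        ServerAuthEku  = $serverAuth
        NotExpired     = ((Get-Date) -lt $cert.NotAfter)
        ChainValidates = $cert.Verify()   # builds the chain with the default policy
    } | Format-List
}
```

A False in HasPrivateKey, ServerAuthEku, NotExpired or ChainValidates points to what needs fixing in the .p12 or in the server's trusted roots before the binding can be relied on.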