update certificate rd gateway and session hosts 2019

Question

How do we update the ssl certificate for the rd gateway and session hosts 2019? Do we update it in IIS and Terminal Server configuration manager? IS there anything else we need to do?

And will the old rdp file to connect to the rd gateway still work?

I have to know how this works exactly to avoid long extended down time.

Answer 1

Hello Henry N

Normally I follow the next steps:

1. Start by importing the SSL certificate into the Computer Account. MMC (Add/Remove Snapins - Certificates -Computer Account). I imported the cert into the Personal and Remote Desktop stores.
2. Import the SSL certificate into IIS. Run IIS Manager, select the ServerName (left side Connections), under the IIS section, open Server Certificates, import the SSL certificate here. Select the Web site (left side Connections), open Bindings (on the right side Actions) and associate/bind the wildcard cert with the appropriate https,host,port(443).
3. TS RemoteApp Manager, Overview Section, Digital Signature Settings, Change, Digital Signature, Sign with a digital certificate checked Change, select the SSL certificate.
4. TS Gateway Manager, select ServerName, Properties, SSL Certificate tab, select an existing certificate for SSL encryption (recommended), Browse Certificates, select the SSL certificate.
5. Terminal Services Configuration, Connections area, select appropriate connection, Properties, General tab, Select, select the SSL certificate.

---

--If the reply is helpful, please Upvote and Accept as answer--

Answer 2

something is missing for me from these steps. I've managed to setup a test environment to test this however the old rdp files work but the new ones (after configuring the new certificates) do not work. I see the new rdp files have the new certificate embedded.

What could I possibly be missing?

Answer 3

Sorry it worked fine in the production so I must have done something wrong when I tested it. Thanks!