Step 5: Importing the SSL Certificate on the Forefront TMG Server

  • Article

Applies To: Windows Server 2008 R2

When you import the certificate, ensure that you the also import SSL certificate as a Trusted Root Certification Authority on the Forefront TMG server, TMG-SRV.

Perform the following procedure on the Forefront TMG server, TMG-SRV, to install the SSL certificate for the RD Gateway server, RDG-SRV.

To import the SSL certificate for the RD Gateway server on the Forefront TMG Server

  1. Log on to TMG-SRV as CONTOSO\Administrator.

  2. On the Forefront TMG server, open the Certificates snap-in console as follows:

    1. Click Start, click Run, type mmc, and then click OK.

    2. On the File menu, click Add/Remove Snap-in.

    3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.

    4. In the Certificates snap-in dialog box, click Computer account, and then click Next.

    5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.

    6. In the Add or Remove snap-ins dialog box, click OK.

  3. In the Certificates snap-in console tree, expand Certificates (Local Computer), and then click Personal.

  4. Right-click the Personal folder, point to All Tasks, and then click Import.

  5. On the Welcome to the Certificate Import Wizard page, click Next.

  6. On the File to Import page, in the File name box, click Browse, and then browse to the location where you copied the SSL certificate for the RD Gateway server. From the file type drop-down list, select All Files (*.*). Select the certificate RDG-SRV.pfx, click Open, and then click Next.

  7. On the Password page, do the following:

    • Type password.

    • Select the Mark this key as exportable. This will allow you to back up or transport your keys at a later time. check box.

    • Ensure that the Include all extended properties check box is selected.

  8. Click Next.

  9. On the Certificate Store page, click Automatically select the certificate store based on the type of certificate, and then click Next.

  10. On the Completing the Certificate Import Wizard page, confirm that the correct certificate has been selected and that the following certificate settings appear:

    • Certificate Store Selected: Automatically determined by the wizard.

    • Content: PFX

    • File Name: FilePath\RDG-SRV.pfx

  11. Click Finish.

  12. After the certificate import has successfully completed, a message appears that confirms the import was successful. Click OK.

  13. Right-click the Personal folder, and click Refresh.

  14. With Certificates selected in the console tree, in the details pane, verify that the RDG-SRV.contoso.com certificate appears in the list of certificates on the Forefront TMG server.

To import the SSL certificate as a Trusted Root Certification Authority on the Forefront TMG Server

  1. In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), and then click Trusted Root Certification Authority.

  2. Right-click the Certificates folder, point to All Tasks, and then click Import.

  3. On the Welcome to the Certificate Import Wizard page, click Next.

  4. On the File to Import page, in the File name box, click Browse, and then browse to the location where you copied the SSL certificate for the RD Gateway server. From the file type drop-down list, select All Files (*.*). Select the certificate RDG-SRV.pfx, click Open, and then click Next.

  5. On the Password page, do the following:

    • Type password.

    • Select the Mark this key as exportable check box.

    • Ensure that the Include all extended properties check box is selected.

  6. Click Next.

  7. On the Certificate Store page, verify the default option Place all certificates in the following store is set to Certificate Store: Trusted Root Certification Authorities, and then click Next.

  8. On the Completing the Certificate Import Wizard page, confirm that the correct certificate has been selected and that the following certificate settings appear:

    • Certificate Store Selected: Trusted Root Certification Authorities

    • Content: PFX

    • File Name: FilePath\RDG-SRV.pfx

  9. Click Finish.

  10. After the certificate import has successfully completed, a message appears confirming that the import was successful. Click OK.

  11. Right-click the Trusted Root Certification Authority folder, and click Refresh.

  12. With Certificates selected in the console tree, in the details pane, verify that the RDG-SRV.contoso.com certificate appears in the list of certificates on the Forefront TMG server.

  13. In the Certificates snap-in console tree, expand Certificates (Local Computer), and then click Personal.

  14. Select Certificates in the console tree. In the details pane, double-click the RDG-SRV.contoso.com certificate.

  15. On the General tab, verify Ensures the identity of a remote computer is displayed, and then click OK.

  16. Close the Certificates snap-in.

You have imported the certificate and the SSL certificate as a Trusted Root Certification Authority on the Forefront TMG server, TMG-SRV. Now you can proceed to Step 6: Creating a Web Listener on the Forefront TMG Server.