Announcement

Collapse
No announcement yet.

How to install certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to install certificate

    Hello.

    I just got a trial certificate and would like to use it with my terminal servers.
    i have two. terminal1 and terminal2, running server 2008 load balancing.
    Now i'm a bit unsure on how to procede. When going into terminal service configuration and choosing a certificate. none shows up. I tried adding my trial certificate to cert store by doing mmc -> certificate -> local computer -> remote desktop -> import.
    i tried importing to the above folder, and also to automatic select the best folder.

    Obviously i'm doing something wrong, anyone have any idea?
    I am not using a TS gateway.
    Last edited by MichaelVP; 23rd October 2008, 14:20.

  • #2
    Re: How to install certificate

    Hi,

    First, please verify that the certificate FQDN is the NLB FQDN.
    Then, verity that the local server trust the root CA that created the certificate.

    Then after import the certificate, do to terminal configuration -> general
    and choose the required certificate.



    http://blogs.msdn.com/ts/archive/200...e-attacks.aspx
    Best Regards,

    Yuval Sinay

    LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

    Comment


    • #3
      Re: How to install certificate

      I actualy had the cluster named by its ip adress. Changed that, but still dont work.

      The certificate is bought from instantssl. that should be trusted.

      Comment


      • #4
        Re: How to install certificate

        Originally posted by MichaelVP View Post
        The certificate is bought from instantssl. that should be trusted.
        Not necessarily i.e.

        https://support.comodo.com/index.php...pcid=1&nav=0,1
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: How to install certificate

          I followed the following guide, but it still dosen't work.

          https://support.comodo.com/index.php...barticleid=883

          Here is the steps i have taken so far, i'm probably missing some simple thing.

          Installed Server 2008
          Installed terminal service / NLB
          added servers to cluster. clustername termtest.domain.dk (certificate named the same)
          Created a cert request with iis.
          got my certificates from instantssl
          followed the above guide
          added certificate to remote desktop
          went into terminal service conf. and tried to select certificate. None showed up.

          /Michael

          Comment


          • #6
            Re: How to install certificate

            Please check if the local servers/computer trust the CA that created the certificate.
            Best Regards,

            Yuval Sinay

            LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14

            Comment


            • #7
              Re: How to install certificate

              I'm not quite sure how to check this.
              In Trusted Root Certification authorities it did not seem to be there. that is why i followed the guide below. i thought that was to add it there.

              Seems that could be the problem. I tried checking the same store on my live terminal servers, and for some reason they had several more certificates in that store.
              Last edited by MichaelVP; 29th October 2008, 12:05.

              Comment


              • #8
                Re: How to install certificate

                If you open the certificate does it show with a yellow triangle (I think) or not?
                cheers
                Andy

                Please read this before you post:


                Quis custodiet ipsos custodes?

                Comment


                • #9
                  Re: How to install certificate

                  Open the certificate, go to the certification path tab and post a screenshot from it
                  Marcel
                  Technical Consultant
                  Netherlands
                  http://www.phetios.com
                  http://blog.nessus.nl

                  MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                  "No matter how secure, there is always the human factor."

                  "Enjoy life today, tomorrow may never come."
                  "If you're going through hell, keep going. ~Winston Churchill"

                  Comment


                  • #10
                    Re: How to install certificate

                    Will do

                    http://img136.imageshack.us/my.php?image=certyh7.jpg

                    Comment


                    • #11
                      Re: How to install certificate

                      wrong image, You have to view the certificate itself you have installed.
                      Hoewever, at a glance I don't see comodo or instantssl as a trusted root certificate
                      Marcel
                      Technical Consultant
                      Netherlands
                      http://www.phetios.com
                      http://blog.nessus.nl

                      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                      "No matter how secure, there is always the human factor."

                      "Enjoy life today, tomorrow may never come."
                      "If you're going through hell, keep going. ~Winston Churchill"

                      Comment


                      • #12
                        Re: How to install certificate

                        comodo / instantssl uses a certificate called UTN-userfirst-hardware as cert name.

                        first remote desktop cert:
                        http://img293.imageshack.us/my.php?image=remoteaw0.jpg(has yellow triangle under details -> basic constrains / key usage)

                        Trusted root CA:
                        http://img185.imageshack.us/my.php?image=cert2nc6.jpg
                        (yellow triangle in Basic cinstrains)

                        Intermediate CA
                        http://img232.imageshack.us/my.php?image=cert3jv9.jpg
                        (triangle in key and constrains)

                        Comment

                        Working...
                        X