Every year now, I need to update the certificates on my Microsoft Remote Desktop Services servers. The certificate has to be replaced in each of these places:
- IIS front end
- RDWeb web client
- Components of RDS through Server Manager: connection broker, gateway and web.
- RDS gateway.
Install the certificate
- Open the MMC
- Click add snap in
- Choose Certificates
- Choose “Local computer”
- Choose this computer
- Expand Personal\Certificates
- Right click certificates and under all tasks, choose import certificate.
- Now import your new PFX file
- I recommend giving it a friendly name.
- Now right click this certificate and click more tasks.
- Click Export
- Follow the wizard. Don’t export the private key.
- Save it to somewhere that will be easy to find shortly.
Update the IIS front end
- Open Internet Information Services (IIS) Manager
- Expand your server then expand sites
- Right click on Default website.
- Click Edit bindings
- Click on the HTTPS port 443 binding.
- Click Edit
- Choose your certificate using the friendly name that you configured earlier.
- Click Ok then Close.
- You can now close the IIS administration interface.
Update the RDWeb web client
You do this by unpublishing the client, importing the certificate then re-publishing the client again.
- Open PowerShell as administrator
- Type the following command to unpublish the web client.
Unpublish-RDWebClientPackage -Type Production
- Now import the certificate using the following command. Replace everything between the <> with the path to the cer file you exported earlier.
Import-RDWebClientBrokerCert <path to the .cer file>
- Now publish the web client again.
Publish-RDWebClientPackage -Type Production -Latest
Update the RDS service using server manager
- Open Server Manager
- On the right, open Remote Desktop Services (RDS)
- In your main deployment window, click the deployment tasks button.
- Click Deployment properties
- Highlight the certificates option on the left
- For each certificate, do the following:
  - Click the certificate
  - Click change
  - Choose the second option, Add from file
  - Browse to the PFX file
  - Type the password
  - Click OK
  - Click Apply
- You will need to do this at least four times.
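The same four role updates can be scripted and then checked, so that no role is left on the old certificate. This is an added example, not part of the original post: it uses the RemoteDesktop module's Set-RDCertificate and Get-RDCertificate cmdlets, and the PFX path and connection broker name are placeholders. Run it in an elevated PowerShell session.

```powershell
# Added example: the two values below are placeholders, replace them.
Import-Module RemoteDesktop

$PfxPath = 'C:\Certs\rds-new.pfx'        # placeholder: path to the new PFX
$Broker  = 'rdcb.example.internal'       # placeholder: connection broker FQDN
# Prompt for the PFX password so it never ends up in a script or in history.
$PfxPass = Read-Host -AsSecureString -Prompt 'PFX password'

# Read the certificate from the PFX without installing it, so the expected
# thumbprint and expiry date are known before anything is changed.
$new = (Get-PfxData -FilePath $PfxPath -Password $PfxPass).EndEntityCertificates[0]
if ($new.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "Certificate $($new.Thumbprint) expires $($new.NotAfter). Wrong file?"
}

# The four roles listed under Deployment properties > Certificates:
# broker single sign-on, broker publishing, web access and gateway.
$roles = 'RDRedirector', 'RDPublishing', 'RDWebAccess', 'RDGateway'
foreach ($role in $roles) {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $PfxPass `
        -ConnectionBroker $Broker -Force
}

# Verify: every role must now report the thumbprint read from the PFX.
$stale = Get-RDCertificate -ConnectionBroker $Broker |
    Where-Object { $_.Thumbprint -ne $new.Thumbprint }
if ($stale) {
    $stale | Format-Table Role, Level, ExpiresOn, Thumbprint
    throw 'One or more RDS roles are still using a different certificate.'
}
"All RDS roles use $($new.Thumbprint), valid until $($new.NotAfter)."
```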
Update the certificate on the gateway
- Open the gateway manager
- Right click the gateway on the left
- Click Properties
- Move to the Certificates tab
- Choose the third button down to import a new certificate.
- Browse to the PFX
- Type the password when prompted
At this point, you will probably need to reboot the connection broker and front end servers.