{"id":630,"date":"2017-02-06T06:21:06","date_gmt":"2017-02-06T06:21:06","guid":{"rendered":"http:\/\/www.itcrumbs.com\/?p=630"},"modified":"2019-02-07T04:38:48","modified_gmt":"2019-02-07T04:38:48","slug":"how-to-renew-ssl-cert-for-remote-app","status":"publish","type":"post","link":"https:\/\/www.itcrumbs.com\/?p=630","title":{"rendered":"How to renew SSL cert for Remote App"},"content":{"rendered":"<p><a title=\"http:\/\/www.urtech.ca\/2010\/08\/how-to-renew-a-terminal-server-remote-desktop-certificate\/\" href=\"http:\/\/www.urtech.ca\/2010\/08\/how-to-renew-a-terminal-server-remote-desktop-certificate\/\">http:\/\/www.urtech.ca\/2010\/08\/how-to-renew-a-terminal-server-remote-desktop-certificate\/<\/a> <\/p>\n<p><strong>CREATE A NEW CERTIFICATE REQUEST:<\/strong> <\/p>\n<ol>\n<li>Launch IIS Manager and click the SERVER name (not the websites or virtual directories)\n<li>In the IIS section, click<strong> SERVER CERTIFICATES<\/strong> (if you don\u2019t see this, you are likely not at the server level, go click on the server name at the top of the IIS Manager CONNECTIONS tree)\n<li>Click <strong>CREATE CERTIFICATE REQUEST<\/strong> and complete the form. Note that the only things that really counts is the certificate name (like tsg.commodore.ca) and company information.\n<li>Click <strong>NEXT<\/strong> and on the CRYPTOGRAPHIC screen, leave the default MICROSOFT RSA\u2026 provider option but you mush change the<strong> BIT LENGTH<\/strong> to 2048.\n<li>Specify a path for the CSR.&nbsp; I like C:\\ but it realy make no difference.<\/li>\n<\/ol>\n<p><strong>Skip this part for 2012r2, just to MAP A CERT <\/strong> <\/p>\n<ol>\n<li>Open the Certificates snap-in console. If you have not already added the Certificates snap-in console, you can do so by doing the following:\n<li>Click <strong>Start<\/strong>, click <strong>Run<\/strong>, type <strong>mmc<\/strong>, and then click <strong>OK<\/strong>.\n<li>On the <strong>File<\/strong> menu, click <strong>Add\/Remove Snap-in<\/strong>.\n<li>In the <strong>Add or Remove Snap-ins<\/strong> dialog box, in the <strong>Available snap-ins<\/strong> list, click <strong>Certificates<\/strong>, and then click <strong>Add<\/strong>.\n<li>In the <strong>Certificates snap-in<\/strong> dialog box, click <strong>Computer account<\/strong>, and then click <strong>Next<\/strong>.\n<li>In the <strong>Select Computer<\/strong> dialog box, click <strong>Local computer: (the computer this console is running on)<\/strong>, and then click <strong>Finish<\/strong>.\n<li>In the <strong>Add or Remove snap-ins<\/strong> dialog box, click <strong>OK<\/strong>.\n<li>In the Certificates snap-in console, in the console tree, expand <strong>Certificates (Local Computer)<\/strong>, and then click <strong>Personal<\/strong>.\n<li>Right-click the <strong>Personal <\/strong>folder, point to <strong>All Tasks<\/strong>, and then click <strong>Import<\/strong>.\n<li>On the <strong>Welcome to the Certificate Import Wizard<\/strong> page, click <strong>Next<\/strong>.\n<li>On the <strong>File to Import<\/strong> page, in the <strong>File name<\/strong> box, specify the name of the certificate that you want to import, and then click <strong>Next<\/strong>.\n<li>On the <strong>Password<\/strong> page, do the following:\n<li>If you specified a password for the private key associated with the certificate earlier, type the password.\n<li>If you want to mark the private key for the certificate as exportable, ensure that <strong>Mark this key as exportable<\/strong> is selected.\n<li>If you want to include all extended properties for the certificate, ensure that <strong>Include all extended properties<\/strong> is selected.\n<li>Click <strong>Next<\/strong>.\n<li>On the <strong>Certificate Store<\/strong> page, accept the default option, and then click <strong>Next<\/strong>.\n<li>On the <strong>Completing the Certificate Import Wizard<\/strong> page, confirm that the correct certificate has been selected.\n<li>Click <strong>Finish<\/strong>.\n<li>After the certificate import has successfully completed, a message appears confirming that the import was successful. Click <strong>OK<\/strong>.\n<li>With <strong>Certificates<\/strong> selected in the console tree, in the details pane, verify that the correct certificate appears in the list of certificates on the TS Gateway server. The certificate must be under the <strong>Personal <\/strong>store of the local computer.<\/li>\n<\/ol>\n<p><strong>MAP A CERTIFICATE TO THE LOCAL TS \/ RD GATEWAY SERVER: <\/strong> <\/p>\n<ol>\n<li>You must use TS Gateway Manager to map the TS Gateway server certificate. <em><strong>If you map a TS Gateway server certificate by using any other method, TS Gateway will not function correctly<\/strong><\/em>.\n<li>Open TS Gateway Manager. To open TS Gateway Manager, click <strong>Start<\/strong>, point to <strong>Administrative Tools<\/strong>, point to <strong>Terminal Services<\/strong>, and then click <strong>TS Gateway Manager<\/strong>.\n<li>In the TS Gateway Manager console tree, right-click the local TS Gateway server, and then click <strong>Properties<\/strong>.\n<li>On the <strong>SSL Certificate<\/strong> tab, click <strong>Select an existing certificate for SSL encryption (recommended)<\/strong>, and then click <strong>Browse Certificates<\/strong>.\n<li>In the <strong>Install Certificate<\/strong> dialog box, click the certificate that you want to use, and then click <strong>Install<\/strong>.\n<li>Click <strong>OK <\/strong>to close the <strong>Properties<\/strong> dialog box for the TS Gateway server.\n<li>If this is the first time that you have mapped the TS Gateway certificate, after the certificate mapping is completed, you can verify that the mapping was successful by viewing the <strong>TS Gateway Server Status<\/strong> area in TS Gateway Manager. Under <strong>Configuration Status and Configuration Tasks<\/strong>, the warning stating that a server certificate is not yet installed or selected and the <strong>View or modify certificate properties<\/strong> hyperlink are no longer displayed<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>http:\/\/www.urtech.ca\/2010\/08\/how-to-renew-a-terminal-server-remote-desktop-certificate\/ CREATE A NEW CERTIFICATE REQUEST: Launch IIS Manager and click the SERVER name (not the websites or virtual directories) In the IIS section, click SERVER CERTIFICATES (if you don\u2019t see this, you are likely not at the server level, go click on the server name at the top of the IIS Manager CONNECTIONS tree) [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-630","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=\/wp\/v2\/posts\/630","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=630"}],"version-history":[{"count":1,"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=\/wp\/v2\/posts\/630\/revisions"}],"predecessor-version":[{"id":631,"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=\/wp\/v2\/posts\/630\/revisions\/631"}],"wp:attachment":[{"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=630"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=630"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itcrumbs.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}