
Trying to renew my Remote Desktop Certificate in 2012r2

Hi,

I have a GoDaddy certificate for my Windows Remote Desktop Services expiring in a couple weeks. GoDaddy renewed it (auto renewal) and I have a new one expiring next year.

I added it to certlm under Certificates - Local Computer > Remote Desktop > Certificates alongside the old one.

I selected it along with the GoDaddy G2 authorities and exported them as a pfx file.

I went into Server Manager > Remote Desktop Services > Overview > Deployment Overview panel > Tasks > Edit Deployment Properties.

I clicked on Certificates, then Select Existing Certificate, and chose the new pfx file. When I click Apply I get the message:

 

"the specified certificate is not valid. The certificate properties must match the requirements of the role service."

 

Does anyone know what this means and what properties I need to set? Do I do this on the GoDaddy management page or on the Windows server (and if so, before or after I get the certificate from GoDaddy)? The error gives me no clue what to do about it and Google sends me down rabbit holes.

 

Thanks,

 

Jeff

1 ACCEPTED SOLUTION

Victory!

Here’s what happened:

Windows didn’t like that the GoDaddy auto-renewal was using the same private key. I generated a new certificate request for the FQDN, and I did it in IIS Manager, not in Certlm.

I submitted the CSR it generated (2048-bit) and got a new certificate issued. I downloaded the IIS one, then imported it into Certificates - Local Computer > Personal in certlm. I could then export it by itself to a pfx file (I did export the private key, did not delete the private key, and did export all extended properties).

This made a pfx file I could set as the certificate for each item in the Remote Desktop > Deployment Properties > Certificates window of Server Manager. Note that I had to “Select Existing Certificate”, select the pfx from the file path, enter the password, and click Apply four separate times.

Thanks,

Jeff
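
Added example, not part of the original posts: a PowerShell pre-check of an exported pfx before selecting it in Deployment Properties, which also reports whether the renewed certificate shares its key pair with the old one. The paths and FQDN are placeholders, and the properties checked (private key present, validity, Server Authentication or Remote Desktop Authentication EKU) are an assumption taken from Microsoft's general requirements for Remote Desktop certificates, which the thread does not list.

```powershell
# Added example (not from the thread). All paths and the FQDN are placeholders.
$PfxPath    = 'C:\certs\rds-new.pfx'   # placeholder: the exported pfx
$OldCerPath = 'C:\certs\rds-old.cer'   # placeholder: expiring cert, public part only
$Fqdn       = 'rds.example.com'        # placeholder: name clients connect to

$X509 = 'System.Security.Cryptography.X509Certificates'
$pw   = Read-Host -AsSecureString -Prompt 'PFX password'
# Loading a pfx this way returns the certificate that owns the private key.
$cert = New-Object "$X509.X509Certificate2" -ArgumentList $PfxPath, $pw

# EKU (2.5.29.37): assumed acceptable if absent, or if it lists Server
# Authentication or Remote Desktop Authentication.
$eku     = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
$ekuOids = @()
if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
$ekuOk = (-not $eku) -or ($ekuOids -contains '1.3.6.1.5.5.7.3.1') -or
         ($ekuOids -contains '1.3.6.1.4.1.311.54.1.2')

# Names: prefer the Subject Alternative Name (2.5.29.17), else the subject CN.
$san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$names = if ($san) { $san.Format($false) }
         else { $cert.GetNameInfo('SimpleName', $false) }
$wild  = '*.' + ($Fqdn -split '\.', 2)[1]   # one-level wildcard for the FQDN
$nameOk = $false
foreach ($n in $Fqdn, $wild) {
    $pattern = '(?<![\w.*-])' + [regex]::Escape($n) + '(?![\w.-])'
    if ($names -match $pattern) { $nameOk = $true }
}

# Key reuse: identical public keys mean the renewal kept the old private key.
# This only reports the fact; it does not decide whether that is the problem.
$sameKey = $null
if (Test-Path $OldCerPath) {
    $old     = New-Object "$X509.X509Certificate2" -ArgumentList $OldCerPath
    $sameKey = $old.GetPublicKeyString() -eq $cert.GetPublicKeyString()
}

$now = Get-Date
[pscustomobject]@{
    Subject          = $cert.Subject
    Thumbprint       = $cert.Thumbprint
    HasPrivateKey    = $cert.HasPrivateKey
    InValidityPeriod = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
    EkuAcceptable    = $ekuOk
    Names            = $names
    CoversFqdn       = $nameOk
    SameKeyAsOldCert = $sameKey   # $null when no old cert file was found
} | Format-List
```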


Thanks for sharing. This was a big help for me!