
Trying to renew my Remote Desktop Certificate in 2012r2

Hi,

I have a GoDaddy certificate for my Windows Remote Desktop Services expiring in a couple weeks. GoDaddy renewed it (auto renewal) and I have a new one expiring next year.

I added it to certlm under Certificates - Local Computer > Remote Desktop > Certificates alongside the old one.

I selected it along with the GoDaddy G2 authorities and exported them as a pfx file.

I went into Server Manager > Remote Desktop Services > Overview > Deployment Overview panel > Tasks > Edit Deployment Properties.

I clicked on Certificates, then Select Existing Certificate, and chose the new pfx file. When I click Apply I get the message:

 

"the specified certificate is not valid. The certificate properties must match the requirements of the role service."

 

Does anyone know what this means and what properties I need to set? Do I do this on the GoDaddy management page or on the Windows server (and if so, before or after I get the certificate from GoDaddy)? The error gives me no clue what to do about it and Google sends me down rabbit holes.

 

Thanks,

 

Jeff

1 ACCEPTED SOLUTION


Re: Trying to renew my Remote Desktop Certificate in 2012r2

Victory!

Here’s what happened:

Windows didn’t like that the GoDaddy auto-renewal was using the same private key. I generated a new certificate request for the FQDN, and I did it in IIS Manager, not in Certlm.

I submitted the CSR it generated (2048bit) and got a new certificate issued. I downloaded the IIS one, then imported it into Certificates - Local Computer > Personal in certlm. I could then export it by itself to a pfx file (I did export the private key, did not delete the private key, and did export all extended properties).

This made a pfx file I could set as the certificate for each item in the Remote Desktop > Deployment Properties > Certificates window of Server Manager. Note that I had to “Select Existing Certificate”, select the pfx from the file path, enter the password, and click Apply four separate times.

Thanks,

Jeff
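
A pre-flight check for an exported pfx before selecting it in Deployment Properties, as an added example that is not part of the original posts. `Test-RdsPfx` is a hypothetical helper name, the path and thumbprint are placeholders you supply, and the Server Authentication EKU check reflects the commonly documented requirement for RDS role certificates rather than anything stated in this thread.

```powershell
# Added example, not from the original thread. Assumes an RSA key and Windows PowerShell.
function Test-RdsPfx {
    param(
        [Parameter(Mandatory = $true)] [string] $PfxPath,  # placeholder: path to the exported pfx
        [string] $OldThumbprint                            # optional: thumbprint of the expiring certificate
    )
    $ns     = 'System.Security.Cryptography.X509Certificates'
    $secure = Read-Host -AsSecureString 'PFX password'
    $plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

    # Load every certificate in the pfx; nothing is added to a certificate store.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    $pfx   = New-Object "$ns.X509Certificate2Collection"
    $pfx.Import((Resolve-Path $PfxPath).Path, $plain, $flags)

    # The certificate to deploy is the one that carries the private key.
    $leaf = $pfx | Where-Object { $_.HasPrivateKey } | Select-Object -First 1
    if (-not $leaf) { throw 'No certificate in the pfx has a private key attached.' }

    # Server Authentication (1.3.6.1.5.5.7.3.1) must be allowed; no EKU extension means unrestricted.
    $eku = $leaf.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $serverAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }).Count -gt 0)

    # Subject Alternative Name extension (2.5.29.17), printed for comparison with the FQDN.
    $san = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

    # Optional: did the renewal reuse the key pair of the expiring certificate?
    $sameKey = $null
    if ($OldThumbprint) {
        $old = Get-ChildItem Cert:\LocalMachine -Recurse |
            Where-Object { $_.Thumbprint -eq $OldThumbprint } | Select-Object -First 1
        if ($old) { $sameKey = ($old.GetPublicKeyString() -eq $leaf.GetPublicKeyString()) }
    }

    $now = Get-Date
    [pscustomobject]@{
        Subject          = $leaf.Subject
        SubjectAltNames  = if ($san) { $san.Format($false) } else { '' }
        CertsInPfx       = $pfx.Count
        HasPrivateKey    = $leaf.HasPrivateKey
        KeySizeBits      = $leaf.PublicKey.Key.KeySize
        ServerAuthEku    = $serverAuth
        InValidityPeriod = ($now -ge $leaf.NotBefore -and $now -le $leaf.NotAfter)
        NotAfter         = $leaf.NotAfter
        SameKeyAsOldCert = $sameKey
    }
}
```

Run it as `Test-RdsPfx -PfxPath <path to pfx> -OldThumbprint <thumbprint> | Format-List`; `CertsInPfx` shows whether the export bundled the CA certificates or contains the certificate by itself.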


Re: Trying to renew my Remote Desktop Certificate in 2012r2

Thanks for sharing. This was a big help for me!