Every year now, I need to update the certificates on my Microsoft Remote Desktop Services servers.
This involves:
- IIS front end
- RDWeb Web client
- Components of RDS through Server Manager: connection broker, gateway and web.
- RDS gateway.
Rough instructions:
Install the certificate
- Open the MMC
- Click add snap in
- Choose Certificates
- Choose “Local computer”
- Choose this computer
- Expand Personal\Certificates
- Right click certificates and under all tasks, choose import certificate.
- Now import your new PFX file
- I recommend giving it a friendly name.
- Now right click this certificate and click more tasks.
- Click Export
- Follow the wizard. Don’t export the private key.
- Save it to somewhere that will be easy to find shortly.
Update IIS
- Open IIS Internet Information Services
- Expand your server then expand sites
- Right click on Default website.
- Click Edit bindings
- Click on the HTTPS port 443 binding.
- Click Edit
- Choose your certificate using the friendly name that you configured earlier.
- Click Ok then Close.
- You can now close the IIS administration interface.
Update the RDWeb web client
You do this by unpublishing the client, importing the certificate then re-publishing the client again.
- Open PowerShell as administrator
- Type the following command to unpublish the web client.
Publish-RDWebClientPackage -Type Production
- Now import the certificate using the following command. Replace everything between the <> with the path to the cer file you exported earlier.
Import-RDWebClientBrokerCert <path to the .cer file>
- Now re-publish the client using the following command.
Publish-RDWebClientPackage -Type Production -latest
Update the RDS service using server manager
- Open server management
- On the right, open RDS Remote Desktop services
- In your main deployment window, click the deployment tasks button.
- Click Deployment properties
- Highlight the certificates option on the left
- For each certificate, do the following:
- Click the certificate
- Click change
- Choose the second option. Add from file
- Browse to the PFX file
- Type the password
- Click OK
- Click Apply
- You will need to do this at least four times.
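The same role-by-role update can be scripted with Set-RDCertificate from the RemoteDesktop module and then checked with Get-RDCertificate. This is an added example, not part of the original instructions; the PFX path and connection broker name are placeholders, and it assumes an elevated PowerShell session on a server in the deployment.

```powershell
# Added example: apply one PFX to every RDS deployment role, then verify it.
# $PfxPath and $Broker are placeholders, not values from the original post.
Import-Module RemoteDesktop

$PfxPath  = 'C:\Certs\rds-new.pfx'        # placeholder: path to the new PFX
$Broker   = 'broker.example.internal'     # placeholder: connection broker FQDN
# Prompt for the PFX password so it never lands in the script or history.
$Password = Read-Host -Prompt 'PFX password' -AsSecureString

# Read the certificate out of the PFX so the checks below compare against
# the file that is actually being deployed.
$pfx  = Get-PfxData -FilePath $PfxPath -Password $Password
$cert = $pfx.EndEntityCertificates[0]

# Refuse to roll out a certificate that is expired or about to expire.
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "Certificate $($cert.Thumbprint) expires on $($cert.NotAfter)."
}

# The four certificate entries shown under Deployment properties.
# If the deployment has no gateway, drop RDGateway from the list.
$roles = 'RDRedirector', 'RDPublishing', 'RDWebAccess', 'RDGateway'
foreach ($role in $roles) {
    Set-RDCertificate -Role $role -ImportPath $PfxPath -Password $Password `
        -ConnectionBroker $Broker -Force
}

# Verification: every role should now report the new thumbprint.
$report = Get-RDCertificate -ConnectionBroker $Broker |
    Select-Object Role, Level, ExpiresOn, Thumbprint,
        @{ Name = 'Updated'; Expression = { $_.Thumbprint -eq $cert.Thumbprint } }
$report | Format-Table -AutoSize

$stale = $report | Where-Object { -not $_.Updated }
if ($stale) {
    Write-Warning "Still on the old certificate: $($stale.Role -join ', ')"
}
```

The IIS binding and the RDWeb web client broker certificate are handled separately, as in the sections above.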
Update the certificate on the gateway
- Open the gateway manager
- Right click the gateway on the left
- Click Properties
- Move to the Certificates tab
- Choose the third button down to import a new certificate.
- Browse to the PFX
- Type the password when prompted
At this point, you will probably need to reboot the connection broker and front end servers.
Hi,
Instructions in my case are not working. When I try to unpublish the installed one, PowerShell doesn’t recognize:
Publish-RDWebClientPackage -Type Production
If I try the same with:
Import-RDWebClientBrokerCert xxx.cer, it works
Also, this one works, but it is not yet usable in my case because I first need to unpublish the installed one:
Publish-RDWebClientPackage -Type Production -latest
My question is:
How can I replace my installed certificate step by step for the RDWeb client version
packageId : rd-html5
version : 1.0.27.0
author : Microsoft
summary : The Remote Desktop Web Client
minRDWebClientManagementVersion : 1.0.2
path : C:\Program Files\RemoteDesktopWeb\Internal\Clients\zekjgkvf.knc
_baseVersion : 1.0.27.0
publishedAs : {Production}
This was a life saver so thank you!