By default, Transport Layer Security (TLS) 1.0 is used to encrypt communications between Remote Desktop Services clients and RD Gateway servers over the Internet. For TLS to function correctly, you must install a Secure Sockets Layer-compatible X.509 certificate on the RD Gateway server.
You can obtain a certificate in one of the following ways:
- You can generate and submit a certificate request to obtain a certificate from a stand-alone or an enterprise certification authority (CA).
- You can purchase a certificate (or obtain one at no cost on a trial basis) from one of the trusted public CAs that participate in the Microsoft Root Certificate Program Members program [as listed in article 931125 in the Microsoft Knowledge
- You can use the Add Roles Wizard to create a self-signed certificate when you install the RD Gateway role service, or you can use Remote Desktop Gateway Manager to do this after RD Gateway is installed.
We recommend that you use a self-signed certificate only for testing and evaluation purposes.
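The first option above (a request submitted to a stand-alone or enterprise CA), sketched with the built-in `certreq.exe` tool, followed by a check that flags any self-signed certificate left in the machine store. This is an added example, not part of the original documentation; the host name `rdgw.example.com` and the file names are assumed placeholders, and it must be run from an elevated PowerShell prompt on the RD Gateway server.

```powershell
# Added example. $GatewayFqdn and the file names are placeholders, not values from this page.
$GatewayFqdn = 'rdgw.example.com'   # name clients use to reach RD Gateway (assumed)
$Inf = Join-Path $env:TEMP 'rdgw-request.inf'
$Req = Join-Path $env:TEMP 'rdgw-request.req'

# certreq policy file: machine-store RSA key, Server Authentication EKU.
@"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "CN=$GatewayFqdn"
KeyLength = 2048
KeySpec = 1
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@ | Set-Content -Path $Inf -Encoding ASCII

# Create the PKCS #10 request; the private key stays on this server.
& certreq.exe -new $Inf $Req
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

# After the CA returns the issued certificate, install it with:
#   certreq.exe -accept <issued-certificate.cer>

# Report matching certificates in the machine store and flag self-signed ones
# (Subject equal to Issuer), which should be used only for testing and evaluation.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$GatewayFqdn*" } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            HasKey     = $_.HasPrivateKey
            SelfSigned = ($_.Subject -eq $_.Issuer)
        }
    }
```

Submit the resulting `.req` file to the CA through its normal enrollment process; a production gateway should show `SelfSigned` as `False` and `HasKey` as `True` for the certificate it uses.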
For more information about RD Gateway, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (http://go.microsoft.com/fwlink/?LinkId=140433).
This section describes certificate requirements for the RD Gateway server and provides more information about the different methods that you can use to obtain a certificate. The following topics are covered: