By default, Transport Layer Security (TLS) 1.0 is used to encrypt communications between Remote Desktop Services clients and RD Gateway servers over the Internet. For TLS to function correctly, you must install a Secure Sockets Layer-compatible X.509 certificate on the RD Gateway server.

You can obtain a certificate in one of the following ways:


We recommend that you use a self-signed certificate only for testing and evaluation purposes.

For more information about RD Gateway, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (

This section describes certificate requirements for the RD Gateway server and provides more information about the different methods that you can use to obtain a certificate. The following topics are covered: