By default, Transport Layer Security (TLS) 1.0 is used to encrypt communications between Remote Desktop Services clients and RD Gateway servers over the Internet. For TLS to function correctly, you must install a Secure Sockets Layer-compatible X.509 certificate on the RD Gateway server.
You can obtain a certificate in one of the following ways:
- You can generate and submit a certificate request to obtain a certificate from a stand-alone or an enterprise certification authority (CA).
- You can purchase a certificate (or obtain one at no cost on a trial basis) from one of the trusted public CAs that participate in the Microsoft Root Certificate Program Members program [as listed in article 931125 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=59547)].
- You can use the Add Roles Wizard to create a self-signed certificate when you install the RD Gateway role service, or you can use Remote Desktop Gateway Manager to do this after RD Gateway is installed.
Note: We recommend that you use a self-signed certificate only for testing and evaluation purposes.
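To check a server against the recommendation above, the following PowerShell audit lists installed certificates that are self-signed, expired, or do not chain to a root the server trusts. It is an added example, not code from Microsoft or from this page; the function name `Test-GatewayCertCandidate` is hypothetical, and it assumes the RD Gateway certificate is installed in the local computer's Personal store (`Cert:\LocalMachine\My`).

```powershell
# Added example. Test-GatewayCertCandidate is a hypothetical helper name.
# Assumption: the certificate of interest is in the local computer's Personal store.
function Test-GatewayCertCandidate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        # Self-signed certificates carry byte-identical subject and issuer names.
        $subject    = [Convert]::ToBase64String($Certificate.SubjectName.RawData)
        $issuer     = [Convert]::ToBase64String($Certificate.IssuerName.RawData)
        $selfSigned = ($subject -eq $issuer)

        # Build the chain against the machine trust stores (useMachineContext = $true).
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
        # Revocation checking is switched off so the audit also runs without network access.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk  = $chain.Build($Certificate)
        $problems = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        New-Object PSObject -Property @{
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            NotAfter      = $Certificate.NotAfter
            HasPrivateKey = $Certificate.HasPrivateKey
            SelfSigned    = $selfSigned
            ChainTrusted  = $chainOk
            ChainStatus   = $problems
        }
    }
}

# Report only the certificates that need attention before production use.
Get-ChildItem Cert:\LocalMachine\My |
    Test-GatewayCertCandidate |
    Where-Object { $_.SelfSigned -or -not $_.ChainTrusted -or $_.NotAfter -lt (Get-Date) } |
    Format-List Subject, Thumbprint, NotAfter, HasPrivateKey, SelfSigned, ChainTrusted, ChainStatus
```

A self-signed certificate that has been added to the server's own Trusted Root store still builds a trusted chain locally, which is why `SelfSigned` is reported separately from `ChainTrusted`; clients trust it only if they hold the same root.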
For more information about RD Gateway, see the Remote Desktop Services page on the Windows Server 2008 R2 TechCenter (http://go.microsoft.com/fwlink/?LinkId=140433).
This section describes certificate requirements for the RD Gateway server and provides more information about the different methods that you can use to obtain a certificate. The following topics are covered: