Currently moving RDG role from "nene-server" to "NTRDG01", but when trying to connect externally to the gateway, getting certificate error:
[Image: External error on gateway over https]
This was weird because I uploaded a re-keyed certificate from 123reg but the server didn't seem to want to serve it up, so I used the below command to try to force it:
WMIC /namespace:\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="CERTIFICATE THUMBPRINT HERE"
This resulted in the server using the new certificate, but still erroring:
[Image: Correct certificate failing]
This is the method I used to re-key the existing wildcard certificate:
- Generated CSR & Private key
OpenSSL> req -newkey rsa:2048 -keyout "C:\cert\private.key" -out "C:\cert\request.csr"
[Image: Generating CSR & key]
- Re-keyed the existing Wildcard SSL certificate in 123reg
- Downloaded 123reg certificate bundle in type "IIS", this provided a .pem, .p7b & .crt
- Then bundled the .crt & private key into a .pfx for the gateway import
OpenSSL> pkcs12 -export -out "C:\cert\bundle.co.uk.pfx" -inkey "C:\cert\private.key" -in "C:\cert\cert.crt"
[Image: Bundling certificate & key]
- I then uploaded this new .pfx cert bundle directly into the RDG
[Image: RDG SSL cert uploaded]
However, if I try to use the gateway externally, it errors showing image 2.
I've tried this a few times, but I notice when uploading a new certificate, the certificate being served externally doesn't update to match the RDG uploaded one, for example:
This is the validity timestamp on one of my attempts (12:59:34):
[Image: old cert timestamp]
This is the validity timestamp on the latest attempt (15:17:00):
[Image: new cert timestamp]
Am I generating the certificate incorrectly? This is how I did it previously (without the re-key).
Is there something wrong with my RDG? (I spun this VM up fresh & only domain joined it before configuring the gateway.)
Any help would be really appreciated, I feel like hitting my head against a wall!
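
An added example, not part of the original post: one way to check which certificate a gateway actually presents over HTTPS against the SHA-1 thumbprint of the uploaded one (the value passed to SSLCertificateSHA1Hash above). The host name in the comment is a placeholder and the offline sample bytes are constructed, not a real certificate.

```python
import hashlib
import ssl
import sys
import unicodedata


def normalize_thumbprint(text: str) -> str:
    """Reduce a pasted thumbprint to 40 upper-case hex digits.

    Drops spaces, colons and invisible format characters (such as U+200E)
    that can come along when a thumbprint is copied from a certificate dialog.
    """
    kept = [c for c in text if unicodedata.category(c) != "Cf"]
    cleaned = "".join(kept).replace(" ", "").replace(":", "").upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("not a SHA-1 thumbprint: %r" % text)
    return cleaned


def thumbprint_from_pem(pem: str) -> str:
    """SHA-1 over the DER encoding, the value Windows shows as Thumbprint."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha1(der).hexdigest().upper()


def served_thumbprint(host: str, port: int = 443) -> str:
    """Fetch the leaf certificate the server presents on host:port.

    No chain validation is done, so this works even while clients are
    rejecting the certificate.
    """
    return thumbprint_from_pem(ssl.get_server_certificate((host, port)))


def compare(expected: str, actual: str) -> str:
    """Report whether the presented thumbprint equals the expected one."""
    exp, act = normalize_thumbprint(expected), normalize_thumbprint(actual)
    if exp == act:
        return "MATCH: server presents " + act
    return "MISMATCH: expected %s, server presents %s" % (exp, act)


if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. rdg.example.co.uk <thumbprint of the .pfx cert>
        print(compare(sys.argv[2], served_thumbprint(sys.argv[1])))
    else:  # offline demo on constructed bytes (not a real certificate)
        pem = ssl.DER_cert_to_PEM_cert(b"constructed sample, not a certificate")
        print(compare(thumbprint_from_pem(pem), thumbprint_from_pem(pem)))
```

A mismatch here means the HTTPS listener is still bound to a different certificate than the one imported, independent of whether that certificate is otherwise valid.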