A Complete Guide to Install SSL Certificate on Remote Desktop Gateway Server
Remote Desktop Gateway (RD Gateway) lets remote users securely connect to resources on an internal or private network from any internet-connected device. It works by tunneling Remote Desktop Protocol (RDP) traffic over HTTPS, providing a secure communication channel. However, to properly secure the connection, an SSL certificate must be installed and correctly configured on the RD Gateway server.
We’ll walk you through the exact steps to install an SSL certificate on your RD Gateway server, from CSR generation to final verification, in a clear, step-by-step format.
CSR Generation
Before purchasing or installing an SSL certificate, you’ll need to generate a Certificate Signing Request (CSR). The CSR includes your domain information and public key, which is required by the Certificate Authority to issue your certificate.
Option 1: Generate CSR Using IIS Manager (Recommended)
- Open IIS Manager (Start > Run > inetmgr)
- In the left panel, select your server name (not a website).
- Double-click Server Certificates.
- Click Create Certificate Request from the options on the right side.
- Fill in the required details:
  - Common Name: Your RD Gateway FQDN (e.g., rd.yourdomain.com)
  - Organization: Your legal business name (or domain owner name)
  - Organizational Unit: IT or leave blank
  - City/State/Country: Match business location
- Choose Microsoft RSA SChannel as the cryptographic provider.
- Select a key length of 2048 bits or higher.
- Save the CSR file when prompted.
Option 2: Generate CSR Using PowerShell
You can also use PowerShell and Windows Certificate Services, but this is recommended only for advanced users or automation workflows.
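One way to do this from an elevated PowerShell prompt on the gateway is with the built-in certreq tool. This is an added example, not part of the original guide; the working folder, file names and the organization fields in the subject are placeholders, and the FQDN is the example name used above.

```powershell
# Added example: names and paths below are assumptions, adjust before use.
$Fqdn    = 'rd.yourdomain.com'     # RD Gateway FQDN (example value from this guide)
$WorkDir = 'C:\Certs'              # hypothetical working folder
$InfPath = Join-Path $WorkDir 'rdgw-request.inf'
$CsrPath = Join-Path $WorkDir 'rdgw-request.csr'

# Single-quoted here-string so "$Windows NT$" is not expanded as a variable.
$inf = @'
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=__FQDN__, O=Your Legal Business Name, L=City, S=State, C=US"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
; FALSE keeps the private key on this server. Set TRUE only if the key
; must later be exported as a .pfx.
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
HashAlgorithm = SHA256
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=__FQDN__&"
'@
$inf = $inf.Replace('__FQDN__', $Fqdn)

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
Set-Content -Path $InfPath -Value $inf -Encoding ASCII

# Creates the key pair in the machine store and writes the PKCS#10 request.
certreq.exe -new $InfPath $CsrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Review subject, SAN and key size before sending the CSR to the CA.
certutil.exe -dump $CsrPath
```

When the CA returns the certificate, `certreq.exe -accept <issued certificate file>` on the same server pairs it with the pending private key in the computer's Personal store.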
Prerequisites
Before starting the installation, make sure you have the following things in place:
- Administrator access to the Windows Server running RD Gateway.
- Fully Qualified Domain Name (FQDN) assigned to the RD Gateway (e.g., rd.yourdomain.com).
- A valid SSL certificate issued for your RD Gateway domain.
- Remote Desktop Gateway role installed and configured.
- Access to IIS Manager or PowerShell (for CSR generation).
- A certificate in .pfx format (with private key) is required for import. Convert .crt and .key files to .pfx using OpenSSL if needed.
Steps to Install SSL Certificate on Remote Desktop Gateway Server
Once you’ve received the issued certificate from your Certificate Authority, follow these steps to install and bind it to your RD Gateway.
- Step 1: Click on Start >> Administrative Tools >> Remote Desktop Services >> Remote Desktop Gateway Manager.
- Step 2: In the Remote Desktop Gateway Manager console tree, right-click the RD Gateway server and select Properties.
- Step 3: In the Properties box, click on the SSL Certificate tab, then click on “Import a certificate on the RD Gateway <RD server name> Certificates (local computer)/personal store”, where <RD server name> refers to the computer name.
- Step 4: Click on “Browse and import certificate”.
- Step 5: In the Open dialog box, select the certificate and click “Open”.
- Step 6: In the “Enter Private Key Password” dialog box, provide the password in the “Private Key password” box and click OK.
- Step 7: Click on Import certificate dialog box.
- Step 8: Click OK and close the Properties tab.
Restart RD Gateway Service
Restart the Remote Desktop Gateway service or the entire server to make sure the new certificate is applied.
Verify Your SSL Certificate
After installation, you should verify that the certificate is working correctly.
- Connect to the RD Gateway using a remote client and check for warnings.
- Verify that the certificate shows as trusted and is issued to the correct domain.
- You can also test it using SSL2BUY’s SSL Checker by entering your RD Gateway FQDN.
Troubleshoot Common SSL Issues
Here are some common issues that appear when installing an SSL certificate on a Remote Desktop Gateway server, along with steps to fix them:
- Certificate Not Trusted / Chain Incomplete
  Error: “The certificate is not from trusted certifying authority.”
  Fix: Check that the entire certificate chain (including intermediate CAs) is installed on the server and/or trusted root store.
- Certificate Name Mismatch
  Error: “The Server Name on the Certificate is incorrect.”
  Fix: Be sure that the FQDN seen in the certificate’s CN or SAN is the same one used by clients to connect.
- Certificate Expired or Not Yet Valid
  Error: “The certificate has expired or is not yet valid.”
  Fix:
  - Ensure the server clock is correct.
  - Reissue or renew the certificate if it’s expired.
- Private Key Missing
  Error: “The certificate associated with this site does not have a private key.”
  Fix:
  - Make sure the private key you’re importing is correctly paired with the SSL certificate.
  - Double-check the password for any typos.
  - Confirm that the Network Service account has access to the private key to allow proper SSL functionality.
- Certificate Not Selected in RD Gateway Manager
  Error: “Connection fails due to missing SSL certificate selection, lack of user permission, or incorrect remote computer name format.”
  Fix: Go to RD Gateway Manager → Properties → SSL Certificate Tab, and select the correct certificate.
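The first four checks in the list above can be run against the gateway's certificate store in one pass. This is an added example, not part of the original guide; it assumes Windows PowerShell 5.1 run as Administrator on the gateway, and `$Fqdn` and the helper `Test-NameMatch` are names chosen here for illustration.

```powershell
$Fqdn = 'rd.yourdomain.com'   # name clients connect to (example value from this guide)

# Hypothetical helper: exact match, or a wildcard covering exactly one left-most label.
function Test-NameMatch([string]$Name, [string]$Pattern) {
    if ($Pattern.StartsWith('*.')) {
        $suffix = $Pattern.Substring(1)
        if (-not $Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
        $label = $Name.Substring(0, $Name.Length - $suffix.Length)
        return ($label.Length -gt 0) -and ($label -notmatch '\.')
    }
    return $Name -ieq $Pattern
}

$now = Get-Date
foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    # Name mismatch: only report certificates whose CN/SAN DNS names cover the FQDN.
    $names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    if (-not ($names | Where-Object { Test-NameMatch $Fqdn $_ })) { continue }

    # Chain incomplete / not trusted: build the chain from the local stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chainOk = $chain.Build($cert)
    $chainErrors = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # Private key ACL (CSP keys such as SChannel only): accounts on the key file.
    $keyAccess = $null
    try {
        $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        if ($container) {
            $keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $container
            $keyAccess = (Get-Acl $keyFile).Access.IdentityReference.Value -join '; '
        }
    } catch { $keyAccess = "not readable: $($_.Exception.Message)" }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Names         = $names -join ', '
        InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        ChainOk       = $chainOk
        ChainErrors   = $chainErrors
        KeyAccess     = $keyAccess
    }
}
```

No output means no certificate in the Personal store matches the FQDN. A usable certificate shows `InValidity`, `HasPrivateKey` and `ChainOk` all True, with NETWORK SERVICE listed in `KeyAccess`.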
Wrap-Up
Securing your Remote Desktop Gateway with an SSL certificate is important for maintaining a trusted and encrypted connection between users and your internal network. By following this guide, you can protect and professionally configure your RD Gateway.