Server 2012 RDS Certificate Solution

Everything I had read online pointed to having a Public SAN certificate or using a Self-Signed certificate and pushing it out via group policy. I could not find anything about using an Enterprise CA to delve out a certificate for RDS. This got me thinking about using a SAN certificate internally, but how?

On your Enterprise CA you can run the following commands to allow for SAN Certs
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc

Next lets open the Certificates Templates Console
Right-Click the Computer certificate and click “Duplicate Template”.


I just called this template RDS-Cert and set the Validity period to 4 Years.

