Hello,
I follow this link How to create an UCS-CA signed certificate for a non-UCS system within domain to generate a certificate for a remote desktop server.
Then i convert it to *.pfx so i can import it to rds, but i always get an error:
I was albe to import the same *.pfx into the iis and because i add the univention root ca into the server via gpo the iis works ok and the cert is trusted.
Only can’t put it to work in rds
This helped UCS 4.1 RootCA und Windows 2012 R2 Terminalserver Zertifikat
NOTE1: use google translator…
NOTE2: the wmic command have some bugs (maybe because forum migration as is an old post)
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash = "certfingerprint"
NOTE3
In /etc/univention/ssl/openssl.cnf if we add the line
extendedKeyUsage = serverAuth
The “normal” import solution in windows work out of the box, my question is why that option is missing in ucs 4.3? Can we keep it?
From the refered post i’m assuming that option already exists in ucs defaults…
Thanks
Anyone from univention can comment on this?