I have a Windows 2012 R2 farm with two session host servers and a server that is both gateway and web host for the portal. The internal and external domain names are the same (before my time, so I'm stuck with it). Internal hosts use a Microsoft DNS server for name resolution and the rest of the world uses the Internet DNS. The session hosts are resolvable from inside by their hostnames, but not so from the outside. The farm works fine as is, with one exception. When users launch an app they get the certificate mismatch error because the host name a) doesn't match the farm's DNS name and b) the cert is self-signed, so it doesn't chain back to a trusted authority.
I bought a SAN cert from DigiCert to fix the issue, but when I try to apply it to the RD Connection Broker - Publishing service in the deployment I get the following error:
"The specified certificate is not valid. The certificate properties must match the requirements of the role service."
The PFX was created by highlighting the DigiCert Global root and the farm cert I purchased from them and exporting to PFX format with a key. The cert I got from DigiCert has the following:
- Ensures the identity of a remote computer
- Proves your identity to a remote computer
- 2.16.840.1.114412.1.1
The Subject Alternative Names are the FQDNs of the servers in the farm as well as the externally and internally DNS-registered name of the farm host itself.
Enhanced Key Usage shows:
Server Authentication (1.3.6.1.5.5.7.3.1)
Client Authentication (1.3.6.1.5.5.7.3.2)
Can anyone tell me why this isn't working and what I need to do to get it to work?
Thanks
Jack
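A PowerShell check for a PFX like the one described in the post, added here as an example and not part of the original post. It reports the properties the RDS role validation depends on (end-entity vs. CA certs in the PFX, private key, Server Authentication EKU, SANs, chain trust) and then applies the file to the publishing role with the RemoteDesktop module's Set-RDCertificate. The PFX path, its password and the broker name rdcb.example.com are placeholder assumptions.

```powershell
# Added example, not code from the original post. Inspects a PFX before handing it to the
# RD Connection Broker, then applies it to the RDPublishing role and reads it back.
# Assumed placeholders: the PFX path, its password, and the broker FQDN rdcb.example.com.
Import-Module RemoteDesktop

$PfxPath = 'C:\certs\farm.pfx'
$PfxPass = Read-Host -AsSecureString -Prompt 'PFX password'
$Broker  = 'rdcb.example.com'

# Get-PfxData separates the end-entity certificate from any CA certificates bundled in the PFX.
$pfx  = Get-PfxData -FilePath $PfxPath -Password $PfxPass
$leaf = $pfx.EndEntityCertificates | Select-Object -First 1
"End-entity certs in PFX : $($pfx.EndEntityCertificates.Count)"
"CA certs in PFX         : $($pfx.OtherCertificates.Count)"
"Subject                 : $($leaf.Subject)"
"Valid until             : $($leaf.NotAfter)"
"Has private key         : $($leaf.HasPrivateKey)"

# Server Authentication (1.3.6.1.5.5.7.3.1) must be present in the Enhanced Key Usage extension.
$eku = $leaf.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$serverAuth = $eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }
"Server Authentication EKU: $([bool]$serverAuth)"

# Print the SANs (OID 2.5.29.17) to compare against the names clients actually connect to.
$san = $leaf.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) { "SANs:`n" + $san.Format($true) } else { 'No Subject Alternative Name extension' }

# Confirm the chain builds on this host; the issuing CA must be trusted on the broker as well.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$ok = $chain.Build($leaf)
"Chain builds on this host: $ok"
if (-not $ok) {
    $chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation)" }
}

# Apply to the RD Connection Broker - Publishing role and read the result back.
Set-RDCertificate -Role RDPublishing -ImportPath $PfxPath -Password $PfxPass -ConnectionBroker $Broker
Get-RDCertificate -Role RDPublishing -ConnectionBroker $Broker
```

Run it on the Connection Broker from an elevated PowerShell session; if any of the reported properties is missing, fix the PFX before retrying the deployment wizard.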