Internet Domain at Wix: we need advice


#1

Hello everyone,

Thank you for providing Certify The Web for Windows, and for all the help provided here!

We are running it on Windows Server 2016 Standard, and we need it to generate an SSL certificate for Remote Desktop Web Access.

We need it to be working for a host (remote.company.com) that is different from the company website IP address (www.company.com). For the host, we have DNS A records working correctly at WIX DNS, pointing to our WAN IP server addresses. This already works for standard remote desktop mstsc.exe, but it is always asking for a certificate.

How should we proceed? On our Windows Server, we have a Configuration Test Result asking to create a new TXT record named _acme-challenge-test… and a lot of details that we need to copy, and we are unable to, as the GUI doesn’t allow that and the log doesn’t include the info.

Any help would be greatly appreciated!


#2

Hi, the configuration test is exactly that - just a test, and is more suited to other automated requests, so copying those values and creating them won’t do anything much. Instead, perform a real certificate request (with ‘Request Certificate’) and if you need to copy the text values use Open Log File to copy and paste from.

You have opted to try using manual DNS validation, but you can also use HTTP validation if the server is allowed to have port 80 open; the app will then temporarily serve HTTP challenge responses as required. Alternatively, if port 80 can’t be opened, or if the server just won’t be internet accessible, then the DNS challenge is fine.

I’d break the problem into chunks: get your certificate request working first (also, under Deployment choose ‘Certificate Store Only’ if you will not be binding the certificate to a website). Once that’s working you will need to look at ‘Show Advanced Options’ > Scripting to get the certificate to automatically bind to the RDP service every time it renews. There is a starter script we provide, but it generally does need some edits, so check out this discussion as well: “Post-renewal script for binding new certificate to Remote Desktop Gateway”
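
A post-request script for the binding step described in post #2, written here as an added example; it is not the starter script Certify The Web ships and not code from this thread. It assumes Certify passes a `$result` object exposing `IsSuccess` and `ManagedItem.CertificateThumbprintHash`, and it covers only the `RDP-Tcp` listener that mstsc.exe connects to, not the RD Gateway or RD Web Access role certificates.

```powershell
param($result)   # Assumption: Certify The Web passes its result object here
$ErrorActionPreference = 'Stop'

# Assumed properties: IsSuccess and ManagedItem.CertificateThumbprintHash.
if (-not $result.IsSuccess) {
    Write-Output 'Certificate request failed; RDP listener left unchanged.'
    return
}

# Normalise the thumbprint; copied values often carry spaces or hidden characters.
$thumb = ($result.ManagedItem.CertificateThumbprintHash -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($thumb.Length -ne 40) { throw "Unexpected thumbprint value: '$thumb'" }

# The listener needs a certificate in LocalMachine\My with its private key.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb"
if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key." }

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $thumb is outside its validity period."
}

# Require the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
if ($cert.EnhancedKeyUsageList.ObjectId -notcontains '1.3.6.1.5.5.7.3.1') {
    throw "Certificate $thumb is not valid for server authentication."
}

$query = @{
    Namespace = 'root\cimv2\TerminalServices'
    ClassName = 'Win32_TSGeneralSetting'
    Filter    = "TerminalName='RDP-Tcp'"
}
$listener = Get-CimInstance @query
$previous = $listener.SSLCertificateSHA1Hash
if ($previous -eq $thumb) {
    Write-Output "RDP-Tcp already uses $thumb; nothing to do."
    return
}

Set-CimInstance -InputObject $listener -Property @{ SSLCertificateSHA1Hash = $thumb }

# Read the setting back so a silent failure surfaces as a script error.
$bound = (Get-CimInstance @query).SSLCertificateSHA1Hash
if ($bound -ne $thumb) { throw "Binding failed; listener still uses $bound." }
Write-Output "RDP-Tcp certificate changed from $previous to $bound."
```

Checking the private key, validity dates and EKU before the change means a bad renewal leaves the previous listener certificate in place instead of breaking RDP logons.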


#3

It is working, webprofusion!

Thank you for taking the time to reply to this issue. Cheers!