Hi Guys,
I am trying to implement a Server 2012 deployment with internal and external access. I have installed 2 Connection Brokers in HA mode, one internal Web interface and one external interface with RD Gateway.
The internal connection has no issues. Everything is running fine. But if I try to access a Session Host from the Internet, I get a warning that the identity of the remote computer could not be verified. What I found out is that the RD Session Hosts use a self-signed certificate, which cannot be checked by clients. I can understand that a workgroup PC could not check it. So I tried to use certificates from our internal CA. I installed the Root CA cert in the clients' Trusted Root Certification Authorities store. And after installing the certs on the RD Session Host I get the message that a certificate revocation check could not be performed. This is surely true, because I don't publish revocation information. The cert from the CA contains LDAP revocation information, but the LDAP query cannot be performed from the Internet. So I tried to remove all revocation information from the cert, but I had no success with that. I still get the warning that a revocation check is not possible.
So my question is: is it possible to use an internal CA for the Session Host server certificates without any revocation information? This would be my preferred solution. If this is not possible, can I use a certificate with HTTP-only CDP information, or do I have to implement OCSP?
Thanks for your Feedback
Reiner
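A way to see exactly which revocation URLs the Session Host certificate carries, and why an Internet client cannot follow them, as an added PowerShell example that is not part of the original post. It assumes the RDP listener is the default `RDP-Tcp`, that the script runs elevated on the RD Session Host itself, and that the Windows `PKI` module (Server 2012 and later) is available for `Export-Certificate`; the reachability probe only tells you what this host can reach, not what a client on the Internet can reach.

```powershell
# Added example (not from the original post): inspect the certificate bound to the
# RDP listener on an RD Session Host, list its CRL Distribution Point (CDP) and
# AIA URLs, and flag the ones an Internet client cannot reach. Run elevated on the host.

# 1. Find the thumbprint of the certificate the RDP listener presents.
#    'RDP-Tcp' is the default listener name (assumption: not renamed on this host).
$tsSetting  = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                            -Class Win32_TSGeneralSetting `
                            -Filter "TerminalName='RDP-Tcp'"
$thumbprint = $tsSetting.SSLCertificateSHA1Hash

# 2. Load it from the computer's Personal store, where the RDP listener looks for it.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) { throw "Certificate with thumbprint $thumbprint not found in Cert:\LocalMachine\My" }

"Subject: $($cert.Subject)"
"Issuer:  $($cert.Issuer)"

# 3. Pull the URLs out of the CDP (OID 2.5.29.31) and AIA (OID 1.3.6.1.5.5.7.1.1)
#    extensions. Format($true) renders the extension as text with 'URL=...' lines.
function Get-ExtensionUrls {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$Oid
    )
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq $Oid }
    if (-not $ext) { return @() }
    [regex]::Matches($ext.Format($true), 'URL=(\S+)') | ForEach-Object { $_.Groups[1].Value }
}

$cdpUrls = Get-ExtensionUrls -Certificate $cert -Oid '2.5.29.31'
$aiaUrls = Get-ExtensionUrls -Certificate $cert -Oid '1.3.6.1.5.5.7.1.1'

if (-not $cdpUrls -and -not $aiaUrls) {
    "No CDP or AIA URLs in the certificate: clients cannot locate revocation data at all."
}

# 4. Classify each URL. ldap:// points at Active Directory and is never reachable from
#    the Internet; http:// is only useful if the name resolves and answers from outside.
foreach ($url in @($cdpUrls) + @($aiaUrls)) {
    if ($url -like 'ldap://*') {
        "UNREACHABLE from Internet (LDAP, needs domain connectivity): $url"
    } elseif ($url -like 'http://*') {
        try {
            $resp = Invoke-WebRequest -Uri $url -Method Head -UseBasicParsing -TimeoutSec 10
            "reachable from THIS host (HTTP $($resp.StatusCode)), verify from outside too: $url"
        } catch {
            "NOT reachable even from this host: $url"
        }
    } else {
        "unrecognised scheme, clients will skip it: $url"
    }
}

# 5. Let the Windows chain engine do the authoritative check, fetching CRL/OCSP over
#    the network. A 'revocation server was offline' line in this output is the same
#    condition the RDP client reports as 'revocation check could not be performed'.
$tmp = Join-Path $env:TEMP 'rdsh-cert.cer'
Export-Certificate -Cert $cert -FilePath $tmp -Force | Out-Null
certutil -verify -urlfetch $tmp
```

If the only URLs listed are `ldap://`, Internet clients have nothing they can fetch, which matches the warning described above; an `http://` CDP that is published on a host reachable from outside is the usual way to make the check succeed without deploying OCSP.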