Exportovat (0) Tisk
Rozbalit vše

Remote Desktop Services Migration Overview: Migrating Certificates

Aktualizováno: červenec 2010

Rozsah platnosti: Windows Server 2008, Windows Server 2008 R2

This topic provides a summary of the certificates used in each of the role services in Vzdálená plocha. It also provides a list of the Vzdálená plocha features that use certificates, and describes the general process for migrating certificates.

Typically, Hostitel relace vzdálené plochy servers use auto-generated certificates for server authentication. If Hostitel relace vzdálené plochy server certificates are auto-generated, you should record that information in the data worksheet; however, do not migrate the auto-generated certificate from the Hostitel relace vzdálené plochy server. The destination Hostitel relace vzdálené plochy server will auto-generate a new certificate. To gather the Hostitel relace vzdálené plochy server certificate settings, see the procedure in RD Session Host Migration: Preparing to Migrate.

This guide does not cover the migration of Hostitel relace vzdálené plochy server farms; however, these servers use an SSL certificate with a private key. If you plan to reuse your certificate, see the instructions in Preparing certificates for migration later in this topic to export the certificate.

The RDP files for virtual desktop connections can be digitally signed with certificates. To migrate certificates that are used for digitally signing RDP files for personal virtual desktops and virtual desktop pools, see RD Connection Broker Migration: Preparing to Migrate.

For more information, see About Digitally Signing Files for Virtual Desktop Connections (http://go.microsoft.com/fwlink/?LinkId=195063).

HTTPS connections to an RD Web Access server are secured with an SSL certificate in Web Server (IIS). To migrate the SSL certificate for RD Web Access servers, see RD Web Access Migration: Preparing to Migrate and RD Web Access Migration: Migrating the RD Web Access Role Service.

Although we do not migrate RemoteApp programs in this guide, certificates can be used to secure them. RemoteApp program certificates are located on the Hostitel relace vzdálené plochy server. If you plan to reuse your certificates, you should export them from the Hostitel relace vzdálené plochy source server before shutting it down.

For general instructions about migrating certificates with private keys, see Preparing certificates for migration.

notePoznámka
The private key must be included when migrating a certificate for digitally signing RDP files for RemoteApp programs.

For more information about using certificates with RemoteApp programs, see the following:

An SSL-compatible X.509 certificate is required before RD Gateway can serve connections.

To configure certificates for RD Gateway, see RD Gateway Migration: Preparing to Migrate.

RD Virtualization Host servers do not require certificates, and as a result there are no migration steps for certificates for RD Virtualization Host servers.

Remote Desktop license servers do not require certificates, and as a result there are no migration steps for certificates for Remote Desktop license servers.

Although this migration guide does not describe how to migrate the deployment of Vzdálená plocha features, the following list of features that use certificates is included for reference. Each of the following features uses certificates in at least one role service:

  • Single sign-on (SSO) for RemoteApp and Desktop Connection

  • Web Single Sign-On (Web SSO)

  • HTTPS connections to RD Web Access

  • Digital signing of RDP files for personal virtual desktops and virtual desktop pools

  • Digital signing of RDP files for Remote App programs

  • RD Gateway connections to Remote Desktop Services

  • RD Session Host server connections in a farm configuration

In most cases, the migration of certificates for Remote Desktop Services requires you to export the certificate with the private key. After export, you should store the certificate in a safe location.

A certificate with a private key can be migrated by using the following steps:

After you have imported the certificate to the certificate store on the destination server, follow the instructions for configuring the certificate in the migration guide for the specific role service.

Byl tento obsah pro vás užitečný?
(Zbývající počet znaků: 1500)
Děkujeme za váš názor.

Obsah vytvořený komunitou

Přidat
Zobrazit:
© 2014 Microsoft