Create a Self-Signed Certificate for the TS Gateway Server

Updated: March 15, 2010

Applies To: Windows Server 2008

This procedure describes how to use TS Gateway Manager to create a self-signed certificate for technical evaluation and testing purposes, if you did not already create one by using the Add Roles Wizard when you installed the TS Gateway role service.

We recommend that you use self-signed certificates only for testing and evaluation purposes. After you create the self-signed certificate, you must copy it to the client computer (or to a network share that can be accessed from the client computer), and then install it in the Trusted Root Certification Authorities store on the client computer.

If you create a self-signed certificate by using the Add Roles Wizard during installation of the TS Gateway role service, or by using TS Gateway Manager after installation (as described in this procedure), you do not need to install or map the certificate to the TS Gateway server.

Membership in the local Administrators group, or equivalent, on the TS Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

  1. Open TS Gateway Manager. To open TS Gateway Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.

  2. In the console tree, click to select the node that represents your TS Gateway server, which is named for the computer on which the TS Gateway server is running.

  3. In the results pane, under Configuration Status, click View or modify certificate properties.

  4. On the SSL Certificate tab, click Create a self-signed certificate for SSL encryption, and then click Create Certificate.

  5. In the Create Self-Signed Certificate dialog box, do the following:

    1. Under Certificate name, verify that the correct common name (CN) is specified for the self-signed certificate, or specify a new name. The CN must match the DNS name that the client uses to connect to the TS Gateway server, unless you are using wildcard certificates or the SAN attributes of certificates.

    2. Under Certificate location, to store the root certificate in a specified location so that you can manually distribute the root certificate to clients, verify that the Store the root certificate check box is selected, and then specify where to store the certificate. By default, this check box is selected and the certificate is stored under the %Windir%\Users\<Username>\Documents folder.

    3. Click OK.

  6. If you selected the Store the root certificate check box and specified a location for the certificate, a message will appear stating that TS Gateway has successfully created the self-signed certificate, and confirming the location of the stored certificate. Click OK to close the message.

  7. Click OK again to close the TS Gateway server Properties dialog box.

Community Additions