It is recommended to always use certificates from a public Certificate Authority or an internal Certificate Authority.
Self-signed certificates will show as untrusted as you will see in the example below. In the real world you would deploy using certificates from a CA your client trusts.
To start deployment of the RD Gateway, it is required you already have an RDS Deployment.
Select RD Gateway
Select the server name below and click the arrow to add it to the right hand column.
Type the external FQDN or URL that users will be typing in their web browser to reach the RD environment.
In the below example the external clients would type rdpfarm.com to reach the RD Gateway. For an encrypted
connection to be successful the certificate name must match the FQDN.
The information at the bottom lets us know the deployment was successful however a certificate needs to be configured.
If you click "Configure certificate" you will be able to configure each roles needed certificate, however for informational
purposes we will navigate to those settings an alternate way to show you how to get it to it in the future should you ever need
to change certificates.
Next click on Tasks and click Edit Deployment Properties.
From here we can edit many of the deployment settings. Our concern now is specifying a certificate.
Since all roles are installed on a single server in this deployment, we need to be sure to use the same certificate
for Web Access and Gateway. Here it is possible to run in to some issues if using self-signed certificates
which we will discuss later.
Since we do not have a purchased certificate or a CA of our own, we will click Create new certificate…
Pick the certificate name, which needs to match the external FQDN of the server. We have the option to store it
on the hard drive where we can import it to other machines. Not necessary here but a good idea if you back up
your certificates separately.
You must allow the certificate to be added to the destination clients Trusted stores.
As you can see I have applied the cert to both Roles here and it is Untrusted. This once again is because it is
a self-signed certificate and should not be used in production.
Click OK when finished.
Had a certificate from a Public CA or my own CA been issued and used. It would look more like what you see here.
This is what you want for any real-world setup.
You have now successfully configured the RD Gateway. Further configuration and authorization policies can be done from Administrative Tools > Remote Desktop Services > Remote Desktop Gateway Manager.