RD Gateway
Remote Desktop Gateway is used to allow secure connections using HTTPS from computers outside the corporate network. The configuration has been simplified in Windows Server 2012 and 2012 R2.
It offers the following benefits.
It is recommended to always use certificates from a public Certificate Authority or an internal Certificate Authority.
Self-signed certificates will show as untrusted as you will see in the example below. In the real world you would deploy using certificates from a CA your client trusts.
To deploy the RD Gateway, you must already have an RDS deployment in place.
Select RD Gateway
Select the server name below and click the arrow to add it to the right hand column.
Type the external FQDN or URL that users will be typing in their web browser to reach the RD environment.
In the example below, external clients would type rdpfarm.com to reach the RD Gateway. For the encrypted connection to succeed, the certificate name must match this FQDN.
Click Next.
The information at the bottom lets us know the deployment was successful; however, a certificate still needs to be configured.
If you click "Configure certificate" you can configure the certificate each role needs; however, for informational purposes we will navigate to those settings another way, so you know how to reach them in the future should you ever need to change certificates.
Click Close.
Next click on Tasks and click Edit Deployment Properties.
From here we can edit many of the deployment settings. Our concern now is specifying a certificate.
Since all roles are installed on a single server in this deployment, we need to be sure to use the same certificate for Web Access and Gateway. Here it is possible to run into some issues when using self-signed certificates, which we will discuss later.
Since we do not have a purchased certificate or a CA of our own, we will click Create new certificate…
Pick the certificate name, which needs to match the external FQDN of the server. We have the option to store it on the hard drive so we can import it to other machines. This is not necessary here, but it is a good idea if you back up your certificates separately.
You must allow the certificate to be added to the destination computers' trusted certificate stores.
Click OK.
Click Apply.
As you can see, I have applied the cert to both roles here and it shows as Untrusted. This, once again, is because it is a self-signed certificate, and such a certificate should not be used in production.
Click OK when finished.
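The same steps can be scripted and, more usefully, checked afterwards. The following PowerShell is an added example and not part of the original guide: it adds the gateway role with the external FQDN, binds one certificate to both the Gateway and Web Access roles, and then verifies the three things the wizard's certificate page reflects (both roles share one certificate, the name matches the external FQDN, and the chain is trusted). The server and file names are assumptions; rdpfarm.com is the external FQDN used in the guide. The RemoteDesktop module cmdlets are the ones shipped with Windows Server 2012 R2, and the script is meant to run on the single server that hosts all roles, because it reads the imported certificate from that machine's Local Machine store.

```powershell
# Added example, not from the original guide. Assumed names below.
Import-Module RemoteDesktop

$broker       = 'broker.corp.local'    # assumed: connection broker (same box in a single-server deployment)
$gatewayHost  = 'gw01.corp.local'      # assumed: server that receives the RD Gateway role
$externalFqdn = 'rdpfarm.com'          # from the guide: name external users type; the cert must match it
$pfxPath      = 'C:\certs\rdpfarm.pfx' # assumed: CA-issued certificate exported with its private key
$pfxPassword  = Read-Host -AsSecureString -Prompt 'PFX password'

# Step 1: add the RD Gateway role and set the external FQDN (wizard: "Select RD Gateway")
Add-RDServer -Server $gatewayHost -Role RDS-GATEWAY -ConnectionBroker $broker `
    -GatewayExternalFqdn $externalFqdn

# Step 2: bind the same certificate to Gateway and Web Access (wizard: Edit Deployment Properties)
foreach ($role in 'RDGateway', 'RDWebAccess') {
    Set-RDCertificate -Role $role -ImportPath $pfxPath -Password $pfxPassword `
        -ConnectionBroker $broker -Force
}

# Step 3: report what the deployment now shows (Level is the wizard's Trusted/Untrusted column)
$certs = Get-RDCertificate -ConnectionBroker $broker |
    Where-Object { $_.Role -in 'RDGateway', 'RDWebAccess' }
$certs | Format-Table Role, Level, IssuedTo, ExpiresOn, Thumbprint -AutoSize

# Check 1: single-server deployments should use one certificate for both roles
$thumbprints = @($certs.Thumbprint | Select-Object -Unique)
if ($thumbprints.Count -ne 1) {
    Write-Warning 'Gateway and Web Access are bound to different certificates.'
}

foreach ($c in $certs) {
    $x509 = Get-Item "Cert:\LocalMachine\My\$($c.Thumbprint)"

    # Check 2: the subject CN or a SAN entry must equal the external FQDN
    $names = @($x509.GetNameInfo('DnsName', $false))
    $san = $x509.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
    if ($san) {
        $names += ($san.Format($false) -split ', ' | ForEach-Object { ($_ -split '=')[-1] })
    }
    if ($names -notcontains $externalFqdn) {
        Write-Warning "$($c.Role): certificate names ($($names -join ', ')) do not include $externalFqdn"
    }

    # Check 3: Verify() fails for a self-signed certificate whose root is not trusted,
    # which is exactly the "Untrusted" state shown in the guide's screenshot
    if (-not $x509.Verify()) {
        Write-Warning "$($c.Role): certificate does not chain to a trusted root"
    }

    # Check 4: give yourself time to renew before clients start failing
    if ($x509.NotAfter -lt (Get-Date).AddDays(30)) {
        Write-Warning "$($c.Role): certificate expires on $($x509.NotAfter)"
    }
}
```

Run it in an elevated PowerShell session on the deployment server after the initial RDS deployment exists. If you created a self-signed certificate through the wizard instead, skip Step 2 and the script still reports the untrusted chain in Check 3, which is the same condition the wizard flags.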
Had a certificate from a public CA or my own CA been issued and used, it would look more like what you see here. This is what you want for any real-world setup.
You have now successfully configured the RD Gateway. Further configuration and authorization policies can be done from Administrative Tools > Remote Desktop Services > Remote Desktop Gateway Manager.
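Once the gateway is up, it is worth confirming from a client outside the network what the RD Gateway actually presents on HTTPS, because that is the view the Remote Desktop client will judge the certificate by. The script below is an added example and not part of the original guide; it opens a TLS session to the external FQDN from the guide (rdpfarm.com) on port 443, captures the certificate and the validation result instead of letting the handshake fail, and reports whether the name matched and whether the chain is trusted. The port and FQDN are the only inputs, and the validation callback accepts everything so that the result can be inspected; this is a diagnostic, not a pattern for real clients.

```powershell
# Added example, not from the original guide.
$gatewayFqdn = 'rdpfarm.com'   # from the guide: the external FQDN users type
$port        = 443             # RD Gateway listens for HTTPS here by default

# Connect at the TCP level first so a firewall problem is distinguishable from a TLS one
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($gatewayFqdn, $port)
} catch {
    throw "TCP connection to ${gatewayFqdn}:${port} failed: $($_.Exception.Message)"
}

# Record the policy errors the client stack computes (name mismatch, untrusted chain)
# and accept the certificate anyway so the session completes and we can inspect it.
$script:policyErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($sender, $certificate, $chain, $sslPolicyErrors)
    $script:policyErrors = $sslPolicyErrors
    return $true   # inspection only; a real client must not do this
}

$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
$ssl.AuthenticateAsClient($gatewayFqdn)   # SNI/host name used for the name-match check

$remote = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

# PolicyErrors of None means the certificate is trusted by this client and its name
# matches the FQDN; RemoteCertificateChainErrors is what a self-signed certificate produces.
[pscustomobject]@{
    Gateway      = "${gatewayFqdn}:${port}"
    Subject      = $remote.Subject
    Issuer       = $remote.Issuer
    SelfSigned   = ($remote.Subject -eq $remote.Issuer)
    NotAfter     = $remote.NotAfter
    PolicyErrors = $script:policyErrors
    Protocol     = $ssl.SslProtocol
}

$ssl.Dispose()
$tcp.Dispose()
```

Run this from a machine that is not domain-joined and has not had the self-signed certificate pushed to its trusted store; if PolicyErrors reports anything other than None, external users will see the same trust prompt or connection failure, which is why the guide recommends a certificate from a CA the client already trusts.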