Map the TS Gateway Certificate

Applies To: Windows Server 2008

You must use TS Gateway Manager to map the TS Gateway server certificate. If you map a TS Gateway server certificate by using any other method, TS Gateway will not function correctly.


This procedure is not required if you created a self-signed certificate by using the Add Roles Wizard during installation of the TS Gateway role service, or by using TS Gateway Manager after installation, as described in Create a Self-Signed Certificate for the TS Gateway Server.

Membership in the local Administrators group, or equivalent, on the TS Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To map a certificate to the local TS Gateway server

  1. Open TS Gateway Manager. To open TS Gateway Manager, click Start, point to Administrative Tools, point to Terminal Services, and then click TS Gateway Manager.

  2. In the TS Gateway Manager console tree, right-click the local TS Gateway server, and then click Properties.

  3. On the SSL Certificate tab, click Select an existing certificate for SSL encryption (recommended), and then click Browse Certificates.

  4. In the Install Certificate dialog box, click the certificate that you want to use, and then click Install.

  5. Click OK to close the Properties dialog box for the TS Gateway server.

  6. If this is the first time that you have mapped the TS Gateway certificate, after the certificate mapping is completed, you can verify that the mapping was successful by viewing the TS Gateway Server Status area in TS Gateway Manager. Under Configuration Status and Configuration Tasks, the warning stating that a server certificate is not yet installed or selected and the View or modify certificate properties hyperlink are no longer displayed.