Install a Certificate on the TS Gateway Server

Applies To: Windows Server 2008

After you obtain a certificate, use this procedure to install the certificate in the correct location on the TS Gateway server, if the certificate is not already installed. After you complete this procedure, you must Map the TS Gateway Certificate.


This procedure is not required if you created a self-signed certificate by using the Add Roles Wizard during installation of the TS Gateway role service, or by using TS Gateway Manager after installation, as described in Create a Self-Signed Certificate for the TS Gateway Server. In either case, a certificate is automatically created, installed in the correct location on the TS Gateway server, and mapped to the TS Gateway server.

Membership in the local Administrators group, or equivalent, on the TS Gateway server that you plan to configure, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (

To install a certificate on the TS Gateway server

  1. Open the Certificates snap-in console. If you have not already added the Certificates snap-in console, you can do so by doing the following:

    1. Click Start, click Run, type mmc, and then click OK.

    2. On the File menu, click Add/Remove Snap-in.

    3. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and then click Add.

    4. In the Certificates snap-in dialog box, click Computer account, and then click Next.

    5. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.

    6. In the Add or Remove snap-ins dialog box, click OK.

  2. In the Certificates snap-in console, in the console tree, expand Certificates (Local Computer), and then click Personal.

  3. Right-click the Personal folder, point to All Tasks, and then click Import.

  4. On the Welcome to the Certificate Import Wizard page, click Next.

  5. On the File to Import page, in the File name box, specify the name of the certificate that you want to import, and then click Next.

  6. On the Password page, do the following:

    1. If you specified a password for the private key associated with the certificate earlier, type the password.

    2. If you want to mark the private key for the certificate as exportable, ensure that Mark this key as exportable is selected.

    3. If you want to include all extended properties for the certificate, ensure that Include all extended properties is selected.

    4. Click Next.

  7. On the Certificate Store page, accept the default option, and then click Next.

  8. On the Completing the Certificate Import Wizard page, confirm that the correct certificate has been selected.

  9. Click Finish.

  10. After the certificate import has successfully completed, a message appears confirming that the import was successful. Click OK.

  11. With Certificates selected in the console tree, in the details pane, verify that the correct certificate appears in the list of certificates on the TS Gateway server. The certificate must be under the Personal store of the local computer.