Create Anywhere Access Certificate Windows 2012 Essentials

One of the nice features of Windows 2012 Essentials is the Anywhere Access functionality. To get this working safely you will need a certificate, but the installation wizard will only offer to let you buy one from a trusted authority or move your domain to a trusted partner. Since I don’t want either of these options, I created my own certificate.

Create Management Console

First, open an MMC console and add the “Certificates” snap-in. Choose “Computer Account” > “Local” > Finish. Next, add the “Certification Authority” snap-in and once again choose “Computer Account” > “Local” > Finish.

Create Certificate Request

Follow the next steps in the created MMC:

Certificates > Personal > Certificates > Right Mouse button – All Tasks – Advanced Operations – Create Custom Request > Next > Next >

Select “Windows Server Solution Certificate Template” > Next >

Open Details and select “Properties” > Subject name – Type: “Common name” – Value: FQDN of server (remote.domain.name) – Add > Alternative name – Type: “DNS” – Value: DNS name of server – Add >

Open “Private Key” tab > Open “Key Options” > Enable “Make private key exportable” > Ok > Next > Choose a location for the certificate request (also type .req after the filename, because the extension is not added automatically) > Save > Finish

Submit Certificate Request

Follow the next steps in the created MMC:

Certification Authority > Choose CA > Right Mouse button – All Tasks – Submit new request > Open the certificate request file and save the new certificate.

Import Certificate

Now we need to import the certificate:

Certificates > Personal > Certificates > Right Mouse button – All Tasks – Import > Choose the new certificate > Next > Next > Finish.

You will see the message “The import was successful.”

Export Certificate to PFX to use with the Anywhere Access wizard

Select imported certificate > Right Mouse button – All Tasks – Export > Next >

Enable “Yes, export the private key” > Next > Clear “Include all certificates in the certification path if possible” and enable “Export all extended properties” > Next >

Enable “Password”, enter a password and confirm it > Next > Save PFX file > Next > Finish

Delete the imported certificate from the personal certificates store: Certificates > Personal > Certificates > Right Mouse button – Delete – Yes.

You have now created a certificate to complete the Setup Anywhere Access wizard.
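Before handing the PFX to the wizard, it is worth confirming that it really contains the private key and that the names in it match the address clients will connect to, since a mismatch produces a certificate name error in the browser. The PowerShell below is an added example, not part of the original post; the file path and host name are placeholders, and the `DNS Name=` parsing assumes an English-language Windows installation.

```powershell
# Added example: inspect the exported PFX before using it in the wizard.
# Placeholders: adjust $PfxPath and $ExternalName to your own values.
$PfxPath      = 'C:\Temp\anywhere-access.pfx'   # assumed location of the exported PFX
$ExternalName = 'remote.domain.name'            # name clients use to reach the server

# Prompt for the export password instead of storing it in the script.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
            -ArgumentList $PfxPath, $password

# Common name from the subject.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$cn = $cert.GetNameInfo($nameType, $false)

# DNS entries from the Subject Alternative Name extension (OID 2.5.29.17).
# Format() returns localized text; "DNS Name=" is the English label (assumption).
$sanDns = @()
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($sanExt) {
    $sanDns = @($sanExt.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
    })
}

$now = Get-Date
$checks = [ordered]@{
    'Private key present'     = $cert.HasPrivateKey
    'Within validity period'  = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
    'External name in SAN'    = $sanDns -contains $ExternalName   # case-insensitive
    'External name equals CN' = $cn -eq $ExternalName
}

"Subject CN : $cn"
"SAN DNS    : $($sanDns -join ', ')"
"Thumbprint : $($cert.Thumbprint)"
"Expires    : $($cert.NotAfter)"
$checks.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, $_.Value }

# Release the certificate object and the temporarily loaded private key.
$cert.Reset()
```

When a certificate carries a Subject Alternative Name extension, clients match the host name against its DNS entries, so the external name should appear there and not only in the common name.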

27 thoughts on “Create Anywhere Access Certificate Windows 2012 Essentials”

  1. Pingback: Anywhere Access–Creazione certificato | mavboss

  2. Reply Chris B Nov 29,2013 21:27

    Your article was a life-saver (okay…time-saver would be more accurate). The new cert requirements in 2012 had me cussing and swearing. Now I am calm and quiet.

  3. Reply Michael Feb 4,2014 00:20

    Hey, thank you so much for this. You are a life saver. I did this once before but could not remember and needed it done asap today. This site helped me a ton.
    Thanks again.
    Michael Hall

  4. Reply Sean G Mar 4,2014 23:22

    Great post – Thanks!!!

    • Reply Cesare Auteri Apr 25,2014 14:53

      MMC = Microsoft Management Console. Type WinKey + R and type “MMC” to start a fresh console.

  5. Reply DMAC Aug 17,2014 19:30

    Wonderful! Very helpful… I knew local cert was possible as I’d done it before, but was struggling with the details. Many thanks!

  6. Reply Luis Nov 26,2014 13:30

    oh my god….thank you so much! bless your life! so many tutorials and CA created online (free) without success.

    Many thanks and keep helping the community!! I dig this!

  7. Reply Chian Jan 24,2015 13:13

    Super, very useful. Thank you

  8. Reply Ray Jan 26,2015 23:59

    Thanks for leaving a great trail, replacing MSFTs vague instructions.

  9. Reply Ronald Seipel May 2,2015 17:59

    Outstanding!
    Don’t know how much time I would have lost without this tutorial.
    Thank you so much!

  10. Reply brod May 29,2015 05:38

    Thanks so much, really straightforward and worked first time

  11. Reply JB. Jul 12,2015 00:01

    Great I can now get to server through browser and can login to server, but when I try to connect to client pc, I login but it prompts me with the computer cannot verify with the rd gateway. I tried installing cer on local pc, what am I doing wrong?

    • Reply Cesare Auteri Jul 12,2015 20:48

      My guess is that you need to export the CA certificate on the server and import it on your PC to make a trusted connection.

  12. Reply Horsie Feb 22,2016 13:52

    dude. this is an awesome tutorial, anywhere access is sooooo confusing to someone like me with little experience in internet connectivity
    thanks a million
    Horsie

  13. Reply Edheldil Sep 3,2016 19:46

    Thank you very much!
    It works in Windows2016 too.

  14. Reply Jim C. Dec 11,2016 01:35

    I am confused about what to use in my situation. My server is called essentials.domain.local
    I want to hit the server from the internet at office.domain.com
    What do I need to use for the common name and the DNS name for below?

    Open Details and select “Properties” > Subject name – Type: “Common name” – Value: FQDN of server (remote.domain.name) – Add > Alternative name – Type: “DNS” – Value: DNS name of server – Add >

    Thank you very much.

  15. Reply Thomas May 2,2017 01:48

    This was a huge help. I was finally able to get Anywhere Access setup with a self signed cert.

    BUT….how the heck does one distribute the cert to non-domain PC’s?

    Thanks.

    Tom

    • Reply Cesare Auteri May 2,2017 05:56

      I have my certificate on a cloud disk. Sending it by email is also a possibility, but don’t forget to put it in a zip because programs like Outlook will block most files with a certificate extension.

  16. Reply Thomas May 2,2017 20:06

    I guess I mean do you use the .cer or the .pfx file on non-domain PC’s. I installed the .cer file on a PC but the browser still gives me a cert error.

    • Reply Cesare Auteri May 6,2017 19:29

      You need to use the .pfx (double click) and import it in the computer (not the user) container, and specifically the trusted root certificate authority.
      Otherwise the certificate will never be trusted.

  17. Reply Thomas May 9,2017 18:46

    Still doesn’t work. I get a mismatched address error in IE

    • Reply Cesare Auteri May 11,2017 20:03

      The only thing I can think of is that the certificate address (common name) you used is not matching the real connection address.

  18. Reply G.Prinz Oct 26,2017 11:10

    Hallo,
    thank you very much for this article.

    It would be nice to have an update to Server 2016 Essentials, with detailed note for: Add > Alternative name – Type: “DNS” – Value: DNS name of server – Add >

    G.Prinz

  19. Reply Richard May 15,2018 00:31

    Thanks for a great posting. I am using Essentials 2016 and it is mostly the same, but with a few differences.
    While I can connect to the server, I am having trouble connecting to any computer. I get “… RD gateway…” error so there must be something wrong with the certificate.

    I read through the comments and there are conflicting descriptions:

    Cesare Auteri Dec 11,2016 12:23
    FQDN = office.domain.com
    DNS = essentials.domain.local

    Raphael GEYER Jan 4,2017 01:23
    I had to use :
    FQDN = essentials.domain.local
    DNS = office.domain.com

    Say my server is named “server2016” and my Internet name is “remote.contoso.dyndns.org”, and the domain is “contoso.local”
    I used ..
    FQDN = remote.contoso.dyndns.org (I used DDNS controlled by the router)
    DNS = server2016
    Do I need to add the suffix to the DNS name, ie: server2016.contoso.local ?

    Is there anything specifically different for Essentials 2016?

    Thanks again for the great site!
