Create self-signed terminal services certificate and install it

Solution 1:

You can create a self-signed certificate with many different tools. Makecert is one such tool:

http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx

The OID for 'Server Authentication' is 1.3.6.1.5.5.7.3.1, so the argument -eku 1.3.6.1.5.5.7.3.1 will be in there somewhere.

makecert -r -pe -n CN="MyServer" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -b 01/01/2000 -e 01/01/2036 

That should get you a self-signed certificate in your computer's personal store that expires in 2036.

Solution 2:

If you have a large domain, the best result would be to set up an enterprise Certificate Authority. Then just set up policies so that your systems automatically acquire a valid certificate from the CA.

Also set up policies so that any certificates issued from that CA will be automatically trusted.

Solution 3:

Completing Ryan Ries' answer above (as I've just worked out)

  1. Execute the makecert command suggested

makecert -r -pe -n CN="MyServer" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -b 01/01/2000 -e 01/01/2036

  2. Manage Computer Certificates - you'll find the created certificate in Personal Certificates
  3. Export the certificate (right click -> all tasks -> export -> include private key -> give it a secure password)
  4. On the TS server, open RD Gateway Manager
  5. Right click on the TS Server -> Properties -> SSL Certificate tab
  6. Import the certificate

...you should be good to go.
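
The locate-and-export steps above can also be done from an elevated PowerShell prompt, with a check that the certificate actually carries the Server Authentication EKU and a private key before it is exported. This is an added example, not part of the original answers; the function name `Test-ServerAuthCertificate` and the export path are assumptions, while the subject, store and OID are the ones used in the makecert command.

```powershell
# Added example: verify, then export, the certificate created by the makecert command.
$subject   = 'CN=MyServer'              # subject from the makecert command on this page
$serverEku = '1.3.6.1.5.5.7.3.1'        # Server Authentication OID
$pfxPath   = 'C:\Temp\MyServer.pfx'     # hypothetical export location

function Test-ServerAuthCertificate {
    # Hypothetical helper: returns a list of problems, empty if the certificate is usable.
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [string]$RequiredEku = '1.3.6.1.5.5.7.3.1'
    )
    $problems = @()

    # Collect the OIDs listed in the Enhanced Key Usage extension, if present.
    $ekuExt = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $oids = @()
    if ($ekuExt) { $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    if ($oids -notcontains $RequiredEku) { $problems += "EKU $RequiredEku missing" }

    # Without the private key the server cannot use the certificate for TLS.
    if (-not $Certificate.HasPrivateKey) { $problems += 'no private key' }

    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += 'outside validity period'
    }
    return ,$problems
}

# makecert -ss my -sr localmachine places the certificate in LocalMachine\My.
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject })
if ($certs.Count -eq 0) { throw "No certificate with subject $subject in LocalMachine\My" }

foreach ($cert in $certs) {
    $problems = Test-ServerAuthCertificate -Certificate $cert -RequiredEku $serverEku
    if ($problems.Count -gt 0) {
        Write-Warning ("{0}: {1}" -f $cert.Thumbprint, ($problems -join '; '))
        continue
    }
    # Prompt for the PFX password so it never appears in the script or shell history.
    $password = Read-Host -Prompt 'PFX password' -AsSecureString
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null
    Write-Output "Exported $($cert.Thumbprint) to $pfxPath"
    break
}
```

The resulting PFX contains the private key, so delete it from the export location once it has been imported on the TS server.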