Submit a request

Nerdio Help Center

SSL Certificate Maintenance - General Overview

Applies to partners that have enabled the whitelabel feature in Nerdio for Azure (NFA)

Subject: IMPORTANT: SSL Expiration and Replacement – ACTION REQUIRED


On September 18th, 2019, the SSL wildcard certificate for * will be expiring.  This SSL certificate is used by all whitelabeled Nerdio for Azure accounts. Nerdio automation will manage the changes required to update the certificate in your Nerdio environment(s) but you are required to take action after August 4th, 2019 and before the certificate expiration date.


Why am I getting this notice?

You are a Nerdio partner and have active Nerdio for Azure accounts.


What actions do I need to take?

Between August 4th and September 18th, 2019 log into DC01 in each of your Nerdio for Azure deployments and execute the script provided by Nerdio (download Install.ps1). This script will automatically update the SSL certificate on all VMs in the environment.

Step-by-step instructions and details can be found here.


What will happen if I do not take action?

On September 18th the * wildcard SSL certificate used by whitelabeled Nerdio for Azure accounts will expire and users will not be able to connect to their virtual desktops and RDS sessions.


What needs to happen if I manually imported the * wildcard SSL certificate into my customer’s Thin Client end-user devices?

You can download the latest version of the certificate here.  Update the Thin Clients using this updated SSL certificate.


Common Questions:

  • Does this apply to all my Nerdio for Azure accounts?
    • No – only whitelabeled accounts that use * and not * You can see if whitelabeling is enabled in NAP by going to Settings>Whitelabel while logged in as a Partner Admin user.  Even if your accounts are not whitelabeled you should run the script to enable the system to automatically renew the * wildcard certificate in the future.
  • How long will it be before the new SSL certificate expires again?
    • The new certificate is valid for two years.  However, you will not have to go through these steps again in the future since the automation installed by the script that you will run is going to update the SSL certificate in the future before it expires.
  • Is there anything I need to do on my users’ local devices?
    • The RDP files generated by the Nerdio Admin Portal (NAP) are signed with the then-current SSL certificate.  Therefore, after September 18th users of NAP-generated RDP files may receive an “unknown publisher” warning. You have two options:
      • Check the “trust this publisher” checkbox and the message will no longer come up
      • Generate new RDP files in NAP and distribute to the users before September 18th
  • What about PRX01 ADFS proxy server that’s in the DMZ?
    • Nerdio will perform updates on the PRX01 VMs.  This is only relevant if you are using Active Directory Federation Services (ADFS).
  • Will I have to do this again in two years when the new certificate expires?
    • No.  The actions you will take prior to September 18th will configure all VMs to automatically update themselves when the certificate expires in 2 years.
    • Newly provisioned Nerdio for Azure deployments (after August 4th, 2019) will auto-update their certificates prior to their expiration. No action on your part is necessary.


What if I still have questions or need help?

Please don’t hesitate to contact us at and we’ll answer any questions you may have.




  1. - certificate file - Current certificate for *
  2. - certificate file - New certificate for *
  3. Install.ps1 - PowerShell script - Script to execute on DC01


Was this article helpful?
0 out of 0 found this helpful


Article is closed for comments.