Skip to main content
Matrix42 Self-Service Help Center

HowTo: Add a custom SSL certificate to the Remote Desktop Gateway


Matrix42 MyWorkspace offers a seamless integration between SaaS/Web-Apps and Remote Desktop/App resources. When dealing with Remote Desktop Resources (RDP) it's often necessary to make applications and desktop available which are hosted in different locations or security zone. The Matrix42 Remote Desktop Gateway allows to make resource which are hosted in an on-premise network or a private cloud instance securely available for every end user. 

When hosting a remote desktop gateway on-premise using secure and trustworthy SSL certificates are important. Because of that every gateway should be configured in a way that browsers accept the established encrypted connection without warnings.


After completing this how-to you will be able to configure a Matrix42 MyWorkspace Remote Desktop Gateway in a way that the browsers of your end users will rate the connection as secure and valid without any warnings. 

First Step (optional)

You should create a SSL certificate from your favorite CA, e.g. Thawte or Symantec. It's important that the SSL certificate is prepared into a file which contains the certificate and one file which contains the private key. All files needs to be decrypted and stored in the so called PEM format.

Some CA gives you the option to download or export a PFX file which must be converted into a certifcate and private key file in the PEM format. OpenSSL can fulfill the task with the following to commands: 

openssl pkcs12 -in <<your-certificate>>.pfx -out ssl.crt -nodes -nokeys
openssl pkcs12 -in <<your-certificate>>.pfx -out ssl.key -nodes -nocerts

The file ssl.crt contains the certificate as self and ssl.key contains the private RSA key of the certificate. Both files are needed for a secure web server.

Second Step

Copy the certificate to the host of the remote desktop gateway and ensure that the file is named 


The private key file needs to be copied to the remote desktop gateway under the following name as well


Third Step

Last but not least restart the different service on the gateway with the controller tool as follows: 

m42-gateway restart

When the gateway services are restarted successfully your browser should identify your certificate behind the SSL connection. Ensure that a DNS name points to this machine which is secured by the given certificate.