Would you like to test the new OS, including access from the Internet, without having to pay for another certificate?
Maybe you have seen my post about creating a certificate for WHS2011 at http://forum.wegotserved.com/index.php/topic/18775-can-i-use-may-own-domain-for-remote-access-without-moving-it-to-ms-partnered-registrator/#entry107718
I am pretty sure you agree that the procedure was so complex that it could be called a hack.
In contrast to WHS2011, the procedure in W2012E is less complicated.
The changes to the Certification Authority role across the Windows Server SKUs made it easier.
The Enterprise edition of the server is gone and its functionality was moved into the Standard edition; the same happened to the Certification Authority role.
It means there is no template-less Certification Authority anymore, not even in the W2012E SKU.
Back to the topic.
In W2012E there are two options regarding the certificate.
Either register or move your existing Internet domain to a supported registrar and buy a certificate, or use a certificate you already own.
If you choose to use a certificate you already own, the Anywhere Access wizard asks for a .pfx file.
If you already paid for a certificate when configuring WHS2011, it is stored in the WHS certificate store; you can export it from your WHS2011 server and import it into W2012E using the wizard mentioned above.
For the export you can use the steps in paragraph 5 below.
If you have never bought one, or you want to use a different name for the new server and don't want to pay for it, you can follow the steps below.
Note that to have two servers reachable from the Internet at the same time you need, besides two certificates, also two public IP addresses, two DNS records and two sets of router forwarding rules.
Prerequisites:
the W2012E OS is already setup and running
you are connected to the server through Remote Desktop (mstsc.exe) under the administrator account you chose to create during the server setup
1. Prepare the Management console
go to the Start screen and type MMC
in MMC add the Local Computer certificate snap-in as follows
in MMC go to File and choose Add/Remove Snap-in...
in Add/Remove Snap-in choose Certificates and click Add
in the Certificates snap-in window choose Computer account and click Next
in the Select Computer window leave the default option Local Computer and click Finish
in Add/Remove Snap-in choose Certification Authority and click Add
in the Certification Authority window leave the default option Local Computer and click Finish
in Add/Remove Snap-in click on OK
2. Prepare Certificate Request
expand the tree Certificates (Local Computer)/Personal/Certificates
right click the Certificates folder and choose All Tasks/Advanced Operations/Create Custom Request...
on the first page of the Certificate Enrollment window click Next
on the Select Certificate Enrollment Policy page click Next
on the Custom Request page choose the Windows Server Solutions Computer Certificate template from the dropdown menu and click Next
on the Certificate Information page click the small down-pointing arrow next to Details to expand the details and click Properties
in the Certificate Properties window, on the Subject tab, choose Common name from the dropdown menu of the Subject name section, fill in your server's Internet name (hs.domain.com) and click Add
in the same window choose DNS from the dropdown menu of the Alternative name section, fill in your server's Internet name (hs.domain.com) again and click Add (browsers check the alternative name, so don't skip it)
switch to the Private Key tab, expand Key options, check the "Make private key exportable" checkbox and click OK (the Anywhere Access wizard needs the private key inside the .pfx, so without this the export in paragraph 5 would fail)
on the Certificate Information page click Next
on the "Where do you want to save the offline request?" page click Browse and save the file to a place of your choice
3. Issue the certificate using the request you have generated in steps of paragraph 2
expand the Certification Authority tree
right click your CA (its name is built from the company and server name you chose while setting up the server, in my case HOME-HS-CA) and choose All Tasks/Submit new request...
in the Open Request File window navigate to the request file created in paragraph 2
in the Save Certificate window navigate to a place of your choice and save the certificate (if no Save Certificate window appears, the request was not issued immediately; look for it under Pending Requests, issue it there and export it from Issued Certificates instead)
4. Import the certificate you created in step 3 to certificate store
expand the tree Certificates (Local Computer)/Personal/Certificates
right click the Certificates folder and choose All Tasks/Import...
on the first page of the Certificate Import Wizard window click Next
on the File to Import page click Browse, navigate to the certificate file you created in paragraph 3 and finish the wizard with the defaults
if everything went well you should see the certificate in the Certificates (Local Computer)/Personal/Certificates folder, with a small key in its icon, which means it was matched with the private key of the request from paragraph 2
5. Export the certificate to pfx file
right click the certificate you imported in paragraph 4 and choose All Tasks/Export...
on the first page of the Certificate Export Wizard window click Next
on the Export Private Key page choose "Yes, export the private key" and click Next
on the Export File Format page uncheck the "Include all certificates in the certification path if possible" checkbox
on the same page check the "Export all extended properties" checkbox and click Next
on the Security page check the "Password" checkbox, fill in a password of your choice twice and click Next (the .pfx contains the private key, so choose a strong password and keep the file safe)
on the File to Export page click Browse and save the file to a place of your choice
right click the certificate and choose Delete (you have exported it to the .pfx, so you don't need it in the store anymore, and the Anywhere Access wizard will import it back); delete the .pfx file as well once the wizard in paragraph 6 has imported it
6. Now you can start the Dashboard, run the Setup/Anywhere Access wizard to configure remote access and pick the .pfx file you exported in paragraph 5.
7. Make the in-house root CA certificate trusted
The client computer needs to trust the root certificate of your private Certification Authority to be able to log in to the server's remote web interface.
So you need to install the root certificate into the client's certificate store manually.
You can use the steps in paragraph 1 to prepare an MMC console for managing the Local Computer certificates of the client computer.
Then use the import steps from paragraph 4, but on the Trusted Root Certification Authorities/Certificates folder instead of Personal, to import the CA certificate available in the server's shared folder \\hs\CertEnroll, where "hs" is the computer name of your server.
The certificate's file name is composed of the server's FQDN (server name plus the domain name derived from the company name you filled in during the server setup) and the CA name.
I used HOME for the company name, so the certificate file name is HS.HOME.local_HOME-HS-CA.crt.
It might be that the CA root certificate is imported automatically by the connection wizard, which you should run on every client to connect it to the server using the http://HS/connect address, but I am not that far with my tests.
I hope I haven't forgotten some important step, as I am writing this from memory rather than repeating what I did yesterday.
I have made some screenshots; their names start with the numbers of the paragraphs.
have fun
PiGeon
PS: If you want to connect to the server's Desktop instead of the Dashboard using web remote access (Anywhere Access), you can configure it on the Dashboard/Settings/Anywhere Access/Web Site Settings/Custom/Server Connection Options tab; you don't need to "hack" the registry anymore.
PS2: The IE address bar was still red after importing the certificate on a W8 machine that is not connected to HS, so I had to add the HS external name to Trusted Sites on the IE Options/Security tab of that machine.
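As an added example (not part of the original post and not any Microsoft tooling), here is the same procedure done from an elevated PowerShell prompt on the server with certreq.exe and the PKI cmdlets that ship with Windows Server 2012, covering paragraphs 2 to 5 plus the client-side root import from paragraph 7. The server name HS, the CA name HOME-HS-CA, the external name hs.domain.com and the .crt file name are the post's example values; the template's internal name WindowsServerSolutionsComputerCertificate is an assumption, so check it with certutil -CATemplates (it lists the templates your CA can issue) before running this.

```powershell
# Added example, not from the original post. Assumed values are marked below.
$ServerName   = 'hs.domain.com'                              # assumed external name
$CaConfig     = 'HS\HOME-HS-CA'                              # assumed "<server>\<CA name>"
$TemplateName = 'WindowsServerSolutionsComputerCertificate'  # ASSUMED internal template name
$WorkDir      = Join-Path $env:USERPROFILE 'Desktop\certs'

function New-AnywhereAccessPfx {
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    $InfPath = Join-Path $WorkDir 'request.inf'
    $ReqPath = Join-Path $WorkDir 'request.req'
    $CerPath = Join-Path $WorkDir 'server.cer'
    $PfxPath = Join-Path $WorkDir 'server.pfx'

    # Paragraph 2: custom request. Exportable = TRUE is the "Make private key
    # exportable" checkbox; the SAN extension (2.5.29.17) is the DNS alternative name.
@"
[Version]
Signature="`$Windows NT`$"

[NewRequest]
Subject = "CN=$ServerName"
Exportable = TRUE
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[RequestAttributes]
CertificateTemplate = $TemplateName

[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns=$ServerName&"
"@ | Set-Content -Path $InfPath -Encoding ASCII

    & certreq.exe -new $InfPath $ReqPath
    if ($LASTEXITCODE -ne 0) { throw 'certreq -new failed' }

    # Paragraph 3: submit to the local CA (All Tasks/Submit new request...).
    # If the CA does not issue immediately, no .cer is written and the request
    # sits under Pending Requests in the Certification Authority console.
    & certreq.exe -submit -config $CaConfig $ReqPath $CerPath
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $CerPath)) {
        throw 'certreq -submit did not return an issued certificate (pending request or unknown template?)'
    }

    # Paragraph 4: install the issued certificate and match it with the private key.
    & certreq.exe -accept $CerPath
    if ($LASTEXITCODE -ne 0) { throw 'certreq -accept failed' }

    $Cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$ServerName" -and $_.HasPrivateKey } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $Cert) { throw "no certificate with private key for $ServerName in LocalMachine\My" }

    # Paragraph 5: export with the private key, without the chain (the unchecked
    # "Include all certificates in the certification path" box); extended
    # properties are exported by default (-NoProperties would drop them).
    $PfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
    Export-PfxCertificate -Cert $Cert -FilePath $PfxPath -Password $PfxPassword `
        -ChainOption EndEntityCertOnly | Out-Null

    # Remove it from the store again; the Anywhere Access wizard imports the .pfx.
    Remove-Item -Path "Cert:\LocalMachine\My\$($Cert.Thumbprint)"
    Write-Host "Exported $PfxPath (thumbprint $($Cert.Thumbprint)); delete the file once the wizard has imported it."
    return $PfxPath
}

# Paragraph 7, run on each client: trust the in-house root CA. The .crt name
# is the one from the post (assumed here) and comes from the CertEnroll share.
function Install-HomeServerRootCa {
    param([string]$CrtPath = '\\HS\CertEnroll\HS.HOME.local_HOME-HS-CA.crt')
    $Root = Import-Certificate -FilePath $CrtPath -CertStoreLocation Cert:\LocalMachine\Root
    # Check: the root must land in Trusted Root Certification Authorities, not Personal.
    if (-not (Test-Path "Cert:\LocalMachine\Root\$($Root.Thumbprint)")) { throw 'root CA import failed' }
    return $Root.Thumbprint
}

# On the server:
New-AnywhereAccessPfx
# On every client (different machine): Install-HomeServerRootCa
```

certreq.exe and the PKI cmdlets need an elevated prompt on both sides. If certreq -submit complains about the template, run certutil -CATemplates on the server and put the internal name it prints for "Windows Server Solutions Computer Certificate" into $TemplateName.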