Solved

Remote Desktop SSL Settings and Certificate Aquire

Posted on 2009-05-11
4
2,649 Views
Last Modified: 2013-11-21
I received this failure for a monthly scanning service.
How do I aquire a certificate for my remote desktop server to complete this?
How do I accomplish all this?

Synopsis : It may be possible to get access to the remote host. Description : The remote version of Remote Desktop Protocol Server (Terminal Service) is vulnerable to a man in the middle attack. An attacker may exploit this flaw to decrypt communications between client and server and obtain sensitive information (passwords, ...). Solution: Force the use of SSL as a transport layer for this service. See also : http://www.oxid.it/downloads/rdp-gbu.pdf http://technet.microsoft.com/en-us/libra ry/cc782610.aspx Risk Factor: Medium  / CVSS Base Score : 5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P) CVE : CVE-2005-1794 BID : 13818 Other references : OSVDB:17131

Thanks!
0
Comment
Question by:rickpary
  • 2
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24379953
A normal web server certificate is fine - from your own CA or commericial CA (e.g. godaddy) and should be installed on the TS server and TS gateway (TSG) if you have one.

RDP 6.0 to support which came with XP SP2 and should work okay, however it is recommended that you go with RDP 6.1 that shipped with the latest service packs for each OS.  This provides the ability to have SAN certs (multiple names in the same cert - i.e. you can have hostname, dns name, dns aliases, IP addresses, etc.), better support for remote printing, etc.  

You can get just the RDP 6.1 client installer her if you aren't ready to roll out XP SP3 yet, so you can use the newest version:
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en


A description of RDP 6.1 and its features is here:
http://support.microsoft.com/kb/951616

Description of RDP 6.0 is here and mentions TSG:
http://support.microsoft.com/kb/925876
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 500 total points
ID: 24379972
0
 

Author Comment

by:rickpary
ID: 25172132
Can someone walk me thru this?
I just need to create a certificate and install it.
THe above is confusing.
Thank You
0
 

Author Comment

by:rickpary
ID: 25172279
I am running Microsoft Windows Server 2003 for Small Business Server SP2.
How do I create and install the certificate?
0

Featured Post

Swamped with email signature updates?

Have you been given a load of changes to make to your users’ email signatures? Having to manually implement multiple signatures for every department? Let Exclaimer save you from being swamped with email signature updates!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

##the calculator has been updated to version 1.6 please download the use the updated version## Hi there, After the previous post of the original version of the calculator here : http://www.experts-exchange.com/articles/OS/Microsoft_Operatin…
Problem Description: Actually I found the below issue with some customers after migration from SMS 2003 to SCCM 2007 and epically if they change site code, some clients may appear in the console with old site code, plus old sites still appearing …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now