Solved

need some advice on using ssl for rdp connections

Posted on 2011-03-01
Last Modified: 2012-05-11
I need to configure RDP connections on the domain to use SSL. I know how to apply a GPO that will set that up. My question is: how will clients trying to use RDP on our network have to connect?
Do I have to buy an SSL cert?
0
Question by:bankadmin
7 Comments
 
LVL 5

Accepted Solution

by:
jlanderson1 earned 500 total points
ID: 35007490


First you will need to download this:  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

This tool has a command utility called SELFSSL.EXE for creating self-signed certificates.

On the start menu, find the IIS kit you installed, and run the command prompt window in the program group.

When that opens, type "SelfSSL.exe /CN=domain.com /V:365" into the command prompt and press "Enter." Replace "domain.com" with your network domain name.

Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol.

Right-click "RDP-Tcp" and select "Properties." This opens a new configuration window. Click the "General" tab. Select "Negotiate" in the "Security" drop-down box. This enables TLS. Choose your encryption level in the next drop-down. For most users, choose "High" as the encryption level for maximum security.

Click the "Edit" button next to the "Certificate" text box. Select your certificate and click "OK." Select "SSL" from the "Security Layer" text box and click "OK." Click "OK" in the main properties window to close it. This sets your RDP protocol for SSL encryption.
0
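Added example, not part of the original answer: what a client sees when it connects depends on the Security Layer setting described above, and the server's choice is visible in the first reply of the RDP handshake. This Python code builds the negotiation request defined in [MS-RDPBCGR] and decodes the reply; the function names are this example's own and the sample replies are constructed, not captured traffic.

```python
import socket
import struct

# Protocol and failure codes from [MS-RDPBCGR] (RDP_NEG_RSP / RDP_NEG_FAILURE)
PROTOCOLS = {0: "RDP", 1: "SSL", 2: "HYBRID"}
FAILURES = {1: "SSL_REQUIRED_BY_SERVER", 2: "SSL_NOT_ALLOWED_BY_SERVER",
            3: "SSL_CERT_NOT_ON_SERVER", 5: "HYBRID_REQUIRED_BY_SERVER"}

def build_request(requested):
    """TPKT + X.224 Connection Request carrying one RDP_NEG_REQ."""
    neg = struct.pack("<BBHI", 0x01, 0, 8, requested)
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xE0, 0, 0, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def parse_confirm(data):
    """Decode the server's X.224 Connection Confirm into (outcome, detail)."""
    if len(data) < 11 or data[0] != 3 or (data[5] & 0xF0) != 0xD0:
        return ("invalid", "not an X.224 Connection Confirm")
    if len(data) < 19:
        # No negotiation block at all: the server offers only legacy RDP security.
        return ("selected", "RDP")
    kind, _flags, _length, value = struct.unpack("<BBHI", data[11:19])
    if kind == 0x02:
        return ("selected", PROTOCOLS.get(value, hex(value)))
    if kind == 0x03:
        return ("refused", FAILURES.get(value, hex(value)))
    return ("invalid", "unknown negotiation type 0x%02x" % kind)

def check_server(host, requested, port=3389, timeout=5.0):
    """Send one negotiation request to a server you administer and decode the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(requested))
        return parse_confirm(sock.recv(1024))

def sample_reply(kind, value):
    """Constructed Connection Confirm (not captured traffic) for offline use."""
    header = bytes.fromhex("030000130ed00000123400")
    return header + struct.pack("<BBHI", kind, 0, 8, value)

if __name__ == "__main__":
    cases = {
        "TLS requested and accepted": sample_reply(0x02, 1),
        "legacy client, server still accepts RDP security": sample_reply(0x02, 0),
        "legacy client, server requires SSL": sample_reply(0x03, 1),
        "TLS requested, server has no usable certificate": sample_reply(0x03, 3),
    }
    for label, raw in cases.items():
        print(label, "->", parse_confirm(raw))
```

Calling `check_server(host, 0)` against a server whose Security Layer is forced to SSL should come back as refused with `SSL_REQUIRED_BY_SERVER`; a `selected RDP` result means legacy RDP security is still accepted.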
 

Author Comment

by:bankadmin
ID: 35007676
Thanks for the info.
"Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol."
Shouldn't I use a GPO for configuring this domain wide instead of doing this step?

Should these steps be performed on the DC?
Will these steps need to be performed on all servers RDP is used to access?
Will these steps have to be performed on all PCs that need to use RDP to access servers or workstations?
0
 
LVL 5

Expert Comment

by:jlanderson1
ID: 35007805
"Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol." -- Applies to the Server you want to RDP to.  You can do this via GPO, I would imagine.

The SELFSSL certificate process should be run on one of the servers you want to RDP to.  Then the certificate needs to be installed on each server to which you will RDP following the process used above.

The PCs only need to set the authentication option, which is shown in the link below:

http://www.kreslavsky.com/2006/10/configure-rdp-over-ssl-with-selfssl.html

0
 

Author Comment

by:bankadmin
ID: 35008027
I do use RDP to connect to users' workstations sometimes also. So the PCs would also need the selfssl installed, correct?

0
 
LVL 5

Expert Comment

by:jlanderson1
ID: 35009145
You cannot do the same procedure on an XP computer... It is not supported. Only to Server 2003 SP1 and later.

You can do some of the following to secure RDP to an XP computer.

http://www.mobydisk.com/techres/securing_remote_desktop.html
0
 

Author Comment

by:bankadmin
ID: 35018831

Thanks for all the advice.
0
 

Author Comment

by:bankadmin
ID: 35019180
Oops, I should have tested before I closed the question. I ran the CMD as specified in your first post; it didn't create the cert. I have attached a screenshot of what I got. I blacked out my domain name but it is correct. I tried it with and without .com
cmd-resultsSSl.bmp
0
