?
Solved

need some advice on using ssl for rdp connections

Posted on 2011-03-01
7
Medium Priority
?
474 Views
Last Modified: 2012-05-11
I need to configure RDP connections on the domain to use SSL. I know how to apply a GPO that will set that up. My question is; How will clients trying to use RDP on our network have to connect?
Do I have to buy a SSL cert?
0
Comment
Question by:bankadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 5

Accepted Solution

by:
jlanderson1 earned 2000 total points
ID: 35007490


First you will need to download this:  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

This tool as a command utility called SELFSSL.EXE for creating self-signed certificates.

On the start menu, find the IIS kit you installed, and run the command prompt window in the program group.

When that opens, type" "SelfSSL.exe /CN=domain.com /V:365" into the command prompt and press "Enter." Replace "domain.com" with your network domain name.

Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol.

Right-click "RDP-Tcp" and select "Properties." This opens a new configuration window. Click the "General" tab. Select "Negotiate" in the "Security" drop-down box. This enables TLS. Choose your encryption level in the next drop-down. For most users, choose "High" as the encryption level for maximum security.

Click the "Edit" button next to the "Certificate" text box. Select your certificate and click "OK." Select "SSL" from the "Security Layer" text box and click "OK." Click "OK" in the main properties window to close it. This sets your RDP protocol for SSL encryption.
0
 

Author Comment

by:bankadmin
ID: 35007676
THanks for the info.
"Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol."
Shouldnt I use a GPO for configuring this domain wide instead of doing this step?

Should these steps be preformed on the DC?
Will these steps need to be preformed on all servers RDP is used to access?
Will these steps have to be preformed on all PC's that need to use RDP to access servers or workstations?
0
 
LVL 5

Expert Comment

by:jlanderson1
ID: 35007805
"Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol." -- Applies to the Server you want to RDP to.  You can do this via GPO, I would imagine.

The SELFSSL certificate process should be run on one of the servers you want to RDP to.  Then the certificate needs to be installed on each server to which you will RDP following the process used above.

The PCs only need to set the authentication option, which is shown in the link below:

http://www.kreslavsky.com/2006/10/configure-rdp-over-ssl-with-selfssl.html

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:bankadmin
ID: 35008027
I do use RDP to connect to users workstations sometimes also. So the PC's would also need the selfssl installed correct?

0
 
LVL 5

Expert Comment

by:jlanderson1
ID: 35009145
You cannot do the same procedure on an XP computer....It is not supported.  Only to server 2003 SP1 and later.

 You can do some of the following to secure RDP to an XP computer.

http://www.mobydisk.com/techres/securing_remote_desktop.html
0
 

Author Comment

by:bankadmin
ID: 35018831

Thanks for all the advice.
0
 

Author Comment

by:bankadmin
ID: 35019180
Oops I should have tested before I closed the question. I ran the CMD as specified in your first post it didnt create the cert, I have attached a screenshot of what I got.. I blacked out my domain name but it is correct, I tried it with and without .com
cmd-resultsSSl.bmp
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Printing Using Remote Desktop Windows 7 sometimes has issues with printing to a local printer using a Remote Desktop Connection (RDC). The 1st step is to verify that printers are checked on the Local Resources tab of the Remote Desktop C…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question