[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 478
  • Last Modified:

need some advice on using ssl for rdp connections

I need to configure RDP connections on the domain to use SSL. I know how to apply a GPO that will set that up. My question is; How will clients trying to use RDP on our network have to connect?
Do I have to buy a SSL cert?
0
bankadmin
Asked:
bankadmin
  • 4
  • 3
1 Solution
 
jlanderson1Commented:


First you will need to download this:  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&displaylang=en

This tool as a command utility called SELFSSL.EXE for creating self-signed certificates.

On the start menu, find the IIS kit you installed, and run the command prompt window in the program group.

When that opens, type" "SelfSSL.exe /CN=domain.com /V:365" into the command prompt and press "Enter." Replace "domain.com" with your network domain name.

Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol.

Right-click "RDP-Tcp" and select "Properties." This opens a new configuration window. Click the "General" tab. Select "Negotiate" in the "Security" drop-down box. This enables TLS. Choose your encryption level in the next drop-down. For most users, choose "High" as the encryption level for maximum security.

Click the "Edit" button next to the "Certificate" text box. Select your certificate and click "OK." Select "SSL" from the "Security Layer" text box and click "OK." Click "OK" in the main properties window to close it. This sets your RDP protocol for SSL encryption.
0
 
bankadminAuthor Commented:
THanks for the info.
"Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol."
Shouldnt I use a GPO for configuring this domain wide instead of doing this step?

Should these steps be preformed on the DC?
Will these steps need to be preformed on all servers RDP is used to access?
Will these steps have to be preformed on all PC's that need to use RDP to access servers or workstations?
0
 
jlanderson1Commented:
"Click the Windows "Start" button and click "Programs." Click "Administrative Tools" then click "Terminal Server Configuration." This opens the manager where you can configure the SSL protocol for the remote protocol." -- Applies to the Server you want to RDP to.  You can do this via GPO, I would imagine.

The SELFSSL certificate process should be run on one of the servers you want to RDP to.  Then the certificate needs to be installed on each server to which you will RDP following the process used above.

The PCs only need to set the authentication option, which is shown in the link below:

http://www.kreslavsky.com/2006/10/configure-rdp-over-ssl-with-selfssl.html

0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 
bankadminAuthor Commented:
I do use RDP to connect to users workstations sometimes also. So the PC's would also need the selfssl installed correct?

0
 
jlanderson1Commented:
You cannot do the same procedure on an XP computer....It is not supported.  Only to server 2003 SP1 and later.

 You can do some of the following to secure RDP to an XP computer.

http://www.mobydisk.com/techres/securing_remote_desktop.html
0
 
bankadminAuthor Commented:

Thanks for all the advice.
0
 
bankadminAuthor Commented:
Oops I should have tested before I closed the question. I ran the CMD as specified in your first post it didnt create the cert, I have attached a screenshot of what I got.. I blacked out my domain name but it is correct, I tried it with and without .com
cmd-resultsSSl.bmp
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now