murkytuna
asked on
Plugin ID 51192—SSL Certificate Cannot Be Trusted (PORT 3389) and Plugin ID 57582—SSL Self-Signed Certificate (PORT 3389)
Hi. We would like to try to get rid of this vulnerability result from Symantec Nessus:
Plugin ID 51192—SSL Certificate Cannot Be Trusted (PORT 3389) and Plugin ID 57582—SSL Self-Signed Certificate (PORT 3389)
Might there be a way to authorize the certificate so it won't show up in the scan?
we can't exclude it.
Plugin-ID-51192---SSL-Certificate-Ca.jpg
Plugin-ID-57582---SSL-Self-Signed-Ce.jpg
Plugin ID 51192—SSL Certificate Cannot Be Trusted (PORT 3389) and Plugin ID 57582—SSL Self-Signed Certificate (PORT 3389)
Might there be a way to authorize the certificate so it won't show up in the scan?
we can't exclude it.
Plugin-ID-51192---SSL-Certificate-Ca.jpg
Plugin-ID-57582---SSL-Self-Signed-Ce.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm not sure the SSL config has to be done on the clients, so I doubt a GPO would be necessary.
On the server, you configure RDP-Tcp to use SSL by selecting the certificate on the General tab of the RDP-Tcp properties in Remote Desktop Session Host Configuration.
Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration:
Right click on RDP-Tcp and go to Properties.
Give it a shot and let me know how it goes. Like I said, I'm curious about this - I've never done it myself.
On the server, you configure RDP-Tcp to use SSL by selecting the certificate on the General tab of the RDP-Tcp properties in Remote Desktop Session Host Configuration.
Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration:
Right click on RDP-Tcp and go to Properties.
Give it a shot and let me know how it goes. Like I said, I'm curious about this - I've never done it myself.
ASKER
This will definitely fix it. Unfortunately we can't implement it yet.
LOL... yeah... those are the best situations: "This is a problem, but you can't fix it yet!"
ASKER
What would be a good solution for this on the workstation end as opposed to the server end?
What do you mean?
ASKER
on the windows 7 computer end, how could this be fixed on an individual machine?
ASKER
Could this be done through a GPO?
running windows 7 on vmware zero clients.