Refresh GPO on the target server, and finally we attempt to connect via a stand-alone computer to verify it sees the certificate that we deployed. Second, we configure a GPO setting to automatically configure servers to request a certificate via this template, and use it for RDP TLS. The general process is first creating a new Certificate Authority certificate template that has an extended key usage to limit its use to only Remote Desktop TLS sessions. For the purposes of this article I’ll use Windows Server 2008 R2 CA, and Windows Server 2012 “target” server. Not surprising, since certificates are industry standard. Again, I’ve used both Windows Server 2008 R2 and Windows Server 2012 CAs with success. It may work on Windows Server 2008.It requires the use of a Microsoft enterprise online certificate authority. I’ve validated that this procedure works both on Windows Server 2008 R2 and Windows Server 2012. Thankfully this is fairly easy, and once configured, pushed down to all servers via GPO for automated deployment. So one should reconfigure Windows to use a trusted certificate. But as we all know, self-signed certificates are nearly worthless, and could easily be intercepted for man-in-the-middle attacks. Installing a RDP SSL certificate is easy.īy default Windows will create a self-signed certificate automatically for use with RDP. This functionality requires a certificate on the server, since TLS is based on the usage of X.509 certificates. For Windows Server 2016/2019 and Windows 10, see my new post: Trusted Remote Desktop Services SSL Certs for Win10/2019įor Windows environments that want extra security, one of the features that has been around for ages is requiring TLS 1.0 for Windows RDP (Remote Desktop) connections.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |