Securing the RDP connection with SSL (TLS 1.0)
Posted: Tue Sep 16, 2014 6:27 pm
I have a certificate issued from "GlobalSign" that came in a .pfx file. Its properties allow for Server Authentication and Client Authentication. I am trying to use this with TSPLUS Generated Clients...
I was able to get the non-IIS Web Service to use the cert from globalsign, so that when my users go to https://mysite.com they get the green lock, viewing the certificate all is well.
Problem is using RDP or the generated clients... When I use RDP, I get a certificate warning. When I click View Certificate, it shows a self assigned cert, we will call it servername.
So I open MMC - Add/remove snap-in 'Certificates' - 'Computer Account' - Expand Remote Desktop - Certificates. In here, I have added globalsign certificate and its information all looks correct. I have deleted the 'servername' certificate from this location.
When I attempt to RDP to the server, I get the same certificate warning. I click 'no' and do not login. When I refresh my 'Certificates' in remote desktop, the self signed 'servername' certificate re-appears.
I have tried opening Local Computer Policy\computer configuration\administrative templates\windows components\remote desktop services\remote desktop session host\security and setting the 'Server Authentication Certificate Template' name to my 'globalsign' certificate, no change. I have tried changing the name to 'RemoteDesktopComputer' as found when googling my issue - no change. Seems no matter what I try in this 'Server Auth Certificate Template' field, it doesn't matter and it will create a self assigned certificate.
Does anyone have any suggestions? This is on a Windows 2008 R2 server.
Thanks