Click here to get back home

SSL and Remote Desktop
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
SSL and Remote Desktop Sam Ramsey 02-27-2008
Posted by Sam Ramsey on February 27, 2008, 7:53 pm
Please log in for more thread options
 How do I add a thrid party SSL certicate to remote desktop?

I read all the documentation I can find about SSL and Remote Desktop and the
ones I find want me to use Microsoft CA Services. I tried that, however it
doesn't force only certain system to login. Any systems can login. Even
though I can create a SSL Remote Desktop connection.

I think it would be better if I went with a third party certifacte.

Thanks,

Sam

Posted by Brian Komar \(MVP\) on February 27, 2008, 8:19 pm
Please log in for more thread options
 How would a 3rd party cert solve your problem. The certificate encrypts the
connection, it does not limit logons no matter whether the cert is issued by
a private CA or a commercial CA
Brian

> How do I add a thrid party SSL certicate to remote desktop?
>
> I read all the documentation I can find about SSL and Remote Desktop and
> the
> ones I find want me to use Microsoft CA Services. I tried that, however it
> doesn't force only certain system to login. Any systems can login. Even
> though I can create a SSL Remote Desktop connection.
>
> I think it would be better if I went with a third party certifacte.
>
> Thanks,
>
> Sam


Posted by Sam Ramsey on February 28, 2008, 1:08 pm
Please log in for more thread options
I want to secure it to limited users/computers. I wanted to create a SSL
certificate and only be able to manually pass out that certificate.

With Microsoft CA certificate, it didnt limit the user/computers.

Sam

"Brian Komar (MVP)" wrote:

> How would a 3rd party cert solve your problem. The certificate encrypts the
> connection, it does not limit logons no matter whether the cert is issued by
> a private CA or a commercial CA
> Brian
>
> > How do I add a thrid party SSL certicate to remote desktop?
> >
> > I read all the documentation I can find about SSL and Remote Desktop and
> > the
> > ones I find want me to use Microsoft CA Services. I tried that, however it
> > doesn't force only certain system to login. Any systems can login. Even
> > though I can create a SSL Remote Desktop connection.
> >
> > I think it would be better if I went with a third party certifacte.
> >
> > Thanks,
> >
> > Sam
>
>

Posted by Brian Komar \(MVP\) on February 28, 2008, 1:21 pm
Please log in for more thread options
Your understanding of how SSL works is very flawed.
The SSL certificate for RDP is a *server-side* certificate (like *all* SSL
applications)
GIving the certificate to users is a complete and utter waste of time.
Please see RFC 4346 for details on how SSL works.
What you are trying to do with certificate will *never* work, no matter
whether you get the certificates from a commercial or private CA
Brian

>I want to secure it to limited users/computers. I wanted to create a SSL
> certificate and only be able to manually pass out that certificate.
>
> With Microsoft CA certificate, it didnt limit the user/computers.
>
> Sam
>
> "Brian Komar (MVP)" wrote:
>
>> How would a 3rd party cert solve your problem. The certificate encrypts
>> the
>> connection, it does not limit logons no matter whether the cert is issued
>> by
>> a private CA or a commercial CA
>> Brian
>>
>> > How do I add a thrid party SSL certicate to remote desktop?
>> >
>> > I read all the documentation I can find about SSL and Remote Desktop
>> > and
>> > the
>> > ones I find want me to use Microsoft CA Services. I tried that, however
>> > it
>> > doesn't force only certain system to login. Any systems can login. Even
>> > though I can create a SSL Remote Desktop connection.
>> >
>> > I think it would be better if I went with a third party certifacte.
>> >
>> > Thanks,
>> >
>> > Sam
>>
>>


Posted by Roger Abell [MVP] on February 28, 2008, 10:13 pm
Please log in for more thread options
It sounds to me Sam like you want to enable the server for SSL,
and, you also want to sneaker-net distro certs for IPsec rule use.
You should look into doing each separately, as they are diff.

>I want to secure it to limited users/computers. I wanted to create a SSL
> certificate and only be able to manually pass out that certificate.
>
> With Microsoft CA certificate, it didnt limit the user/computers.
>
> Sam
>
> "Brian Komar (MVP)" wrote:
>
>> How would a 3rd party cert solve your problem. The certificate encrypts
>> the
>> connection, it does not limit logons no matter whether the cert is issued
>> by
>> a private CA or a commercial CA
>> Brian
>>
>> > How do I add a thrid party SSL certicate to remote desktop?
>> >
>> > I read all the documentation I can find about SSL and Remote Desktop
>> > and
>> > the
>> > ones I find want me to use Microsoft CA Services. I tried that, however
>> > it
>> > doesn't force only certain system to login. Any systems can login. Even
>> > though I can create a SSL Remote Desktop connection.
>> >
>> > I think it would be better if I went with a third party certifacte.
>> >
>> > Thanks,
>> >
>> > Sam
>>
>>



Similar ThreadsPosted
Remote desktop February 21, 2006, 3:25 pm
Can connect via Remote Desktop September 26, 2005, 12:36 pm
remote desktop security February 18, 2006, 5:38 pm
Windows Remote Desktop April 16, 2006, 7:17 am
Secure Remote Desktop August 10, 2006, 11:00 pm
RDP: remote desktop issues September 23, 2007, 3:13 pm
Remote Desktop Protocol October 29, 2007, 5:16 pm
How secure is remote desktop June 16, 2008, 8:46 pm
Remote Desktop MITM Concerns June 10, 2005, 8:45 am
Securing Remote Desktop To Server August 11, 2005, 10:30 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap