How to secure remote desktop connections using TLS/SSL based authentication

Requirement

When you enable Remote Desktop on a Windows Server for administrative purposes, security issues may arise depending on how you have configured your server.

Steps on the Windows server end

Prerequisites

  1. Ensure your terminal server is running Windows Server 2003 including SP1
  2. You also need a TLS/SSL based certificate that should be installed with the following specifications:
    1. The certificate should be computer based
    2. The certificate's purpose should be server authentication
    3. The certificate's private key should be available
    4. Since it is a computer based certificate, it should be stored in the computer account certificate store on the terminal server

1-Request a certificate

We will request the certificate using Internet Explorer. For how to request a certificate, see:
How To Request a certificate from Certificate Authority server in Internet Explorer?

2-Issue the certificate

After you have requested the certificate, you can log in to the Certificate Authority server to issue it. See:
How to Issue A certificate in Certificate Authority server?

3-Install certificate in Certificate Authority server

After you have issued the certificate, you can install it in the Certificate Authority server. See:
How to Install A certificate in Certificate Authority server?

4-Export certificate in Certificate Authority server

After you have installed the certificate in step 3, you can view the certificate information in the Internet Options tool and export it from there. See:
How to Export A certificate in Certificate Authority server?

5-Export root certificate in Certificate Authority server

MS SQL Server and all clients have to import the root certificate. You can export the root certificate in the Certificate Authority server. See:
How to Export root certificate in Certificate Authority server?

6-Import certificate and Trusted Root Certification Authority in server

For how to import the certificate, see:
How To Import Personal Certificate With MMC?
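
Once the certificate and the root CA have been imported, the certificate prerequisites listed at the top of this section (computer account store, server authentication purpose, private key available) can be checked from PowerShell. This is an added example, not part of the original article; it assumes PowerShell is installed on the terminal server and is run by an administrator.

```powershell
# Added example: audit the computer account's Personal store against the
# certificate prerequisites for TLS/SSL-protected Terminal Services.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Enhanced Key Usage: Server Authentication
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$results = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the OIDs from the Enhanced Key Usage extension, if there is one.
    # A certificate without this extension is reported as ServerAuthEku = False.
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is $ekuType) {
            $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
        }
    }

    # Build the chain to confirm the issuing root CA is trusted on this machine.
    # Revocation checking is switched off so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainTrusted = $chain.Build($cert)

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        HasPrivateKey  = $cert.HasPrivateKey
        ServerAuthEku  = ($ekuOids -contains $serverAuthOid)
        WithinValidity = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainTrusted   = $chainTrusted
    }
}

# A certificate is suitable only if every check is True.
$results |
    Select-Object Subject, Thumbprint, HasPrivateKey, ServerAuthEku, WithinValidity, ChainTrusted |
    Format-List
```

A certificate that shows `False` for `HasPrivateKey` or `ServerAuthEku` does not meet the prerequisites; `ChainTrusted = False` usually means the root certificate from step 5 has not been imported into the Trusted Root Certification Authorities store.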

7-Configure the Terminal Services

For how to configure Terminal Services, see:
How To Configure the Terminal Services?

Steps on the client computer end

Prerequisites

  1. The client computer must be running Microsoft Windows 2000, Windows XP, Windows Server 2003 or Windows Vista
  2. For Windows 2000, XP and Windows Server 2003, the remote desktop client version 5.2 or newer should be used.
  3. Only authorized clients should be able to trust the root
    Certification Authority (CA) that has issued the computer based
    certificate residing on the terminal server. This will ensure that a
    TLS/SSL connection can be established from a trusted client.

1- Install Trusted Root Certification Authority

Note: You should install the Trusted Root Certification Authority on your client computer.
For how to import the Trusted Root Certification Authority, see:
How To Install Trusted Root Certification Authority With MMC?

Connect to remote using TLS/SSL based authentication

Start the Remote Desktop client

Start the Remote Desktop client and select the Security tab, which is a new tab included with the updated Remote Desktop client.

You can now connect and log on to the terminal server.
