Re: RDP Security and the MITM Attacks...
- From: "TP" <tperson.knowspamn@xxxxxxxxxxxxxxx>
- Date: Thu, 15 Feb 2007 15:11:03 -0500
I wasn't clear enough on that point. I meant for you to have IIS on the same machine as the TS, and use the wizard to walk you through the certificate request and then the certificate install.
After you have done that, the certificate will be in the Personal store for the computer account, thus enabling it to be selected from Terminal Services Configuration.
The method I describe is not the only way to get a certificate requested and installed. I selected it because many people are familiar with the IIS cert process, and you can find plenty of examples on the web that guide you through step by step. Another benefit is that it will make a request that has the correct enhanced key usage.
Yes, the certificates mmc snapin is helpful.
-TP
Andrew Bienhaus wrote:
"TP" wrote:.Yes, the problem is solved, but you need to take the necessary
steps. Preferrably you will need to obtain a public certificate,
install it, and then configure the TS server to use SSL for the
security layer.
On the client side, you need to use version 5.2.3790.1830 or
later, as well as set it to Require Authentication (preferred) or
Attempt Authentication. Please see my response in this thread:
Ok, one question, and my thanks. ;-)
In your example in that post, you create a cert request on a separate
IIS webserver, but then also imply that you install it on the same
webserver.
I would assume, that you actually install the cert on the terminal
server in question, no?
So, one would have to enable/install certificate services?
andrew
- References:
- Prev by Date: Re: Detecting PC location through Terminal Services
- Next by Date: Can't connect to Terminal Services as "domain user"
- Previous by thread: Re: RDP Security and the MITM Attacks...
- Next by thread: Re: RDP Security and the MITM Attacks...
- Index(es):
Relevant Pages
|
