From: Matt on 12 Oct 2009 14:31

I've just learned about StartSSL and thought I'd try to get a TLS certificate that I can use to authenticate and set up encryption on my Vista Business Remote Desktop Server. I see that it automatically generates a self-signed certificate. I've tried to generate a certificate and private key with StartSSL, but I can't find an option to make Vista use them. (Right now I have the public certificate imported, but don't see an option to import the private key as well).

I'd also appreciate if someone could point me to some documentation on how to do this with Server 2003 as well.

From: Silvia Doomra [MSFT] on 23 Oct 2009 01:39

This is the reply I got from one of my colleagues:

Hmm.. "Vista Business Remote Desktop Server" is it a server or client SKU? Also, I don't know what StartSSL is, some tool for creating certificates?

In general, to be suitable for use with Remote Desktop a certificate should have the following characteristics:

1. It needs to be installed, along with its private key, into the local computer's (not user's) "Personal" (My) certificate store.
2. The EKU must be either "Server Authentication" or "1.3.6.1.4.1.311.54.1.2" (a special TS EKU).
3. It should not be expired (obviously).

On server SKUs you can use tsconfig.msc to select the certificate. Note: tsconfig will only allow you to select usable certificates (see criteria above).

On client SKUs you can put the thumbprint of the certificate directly into the registry as a "SSLCertificateSHA1Hash" binary value:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"SSLCertificateSHA1Hash"=hex:65,53,29,d2,56,fb,f0,2a,d6,75,d9,08,61,2d,72,36,9c,26,5c,71

(the value is just an example).

To be able to import a certificate's private key, it must be exported together with its private key. And, as far as I know, you can only export the private key of a certificate created with an exportable private key in the first place.

Thx,
Sergey.

"Matt" <ssj4android(a)gmail.com> wrote in message
news:26971083-2dda-475e-8bcb-604ffc393100(a)m38g2000yqd.googlegroups.com...
> I've just learned about StartSSL and thought I'd try to get a TLS
> certificate that I can use to authenticate and set up encryption on my
> Vista Business Remote Desktop Server. I see that it automatically
> generates a self-signed certificate. I've tried to generate a
> certificate and private key with StartSSL, but I can't find an option
> to make Vista use them. (Right now I have the public certificate
> imported, but don't see an option to import the private key as well).
> I'd also appreciate if someone could point me to some documentation on
> how to do this with Server 2003 as well.
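
The three criteria and the registry value from the reply above, as an added PowerShell example (not part of the thread and not Microsoft's own tooling): it lists the certificates in the local computer's Personal store that pass the checks and writes a chosen one's SHA-1 hash to "SSLCertificateSHA1Hash". The function names are hypothetical, and 1.3.6.1.5.5.7.3.1 is assumed as the standard OID behind the "Server Authentication" EKU.

```powershell
# Added example; function names are hypothetical. Run elevated on the RDP host.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'       # standard OID for "Server Authentication"
$TsEkuOid      = '1.3.6.1.4.1.311.54.1.2'  # the special TS EKU named in the reply
$RdpTcpKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpUsableCertificate {
    # Criterion 1: local computer "Personal" (My) store, private key present.
    # Criterion 2: EKU is Server Authentication or the TS EKU.
    # Criterion 3: inside its validity period.
    $now = Get-Date
    Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $cert = $_
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } })
        $cert.HasPrivateKey -and
            $cert.NotBefore -le $now -and $cert.NotAfter -gt $now -and
            (($ekus -contains $ServerAuthOid) -or ($ekus -contains $TsEkuOid))
    }
}

function Set-RdpCertificate {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)
    # Copied thumbprints often carry spaces or invisible characters; keep hex only.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert = Get-RdpUsableCertificate | Where-Object { $_.Thumbprint -eq $wanted }
    if (-not $cert) {
        throw "No certificate with thumbprint $wanted meets the three criteria."
    }
    # GetCertHash() returns the 20 SHA-1 bytes that the thumbprint string encodes.
    New-ItemProperty -Path $RdpTcpKey -Name 'SSLCertificateSHA1Hash' `
        -PropertyType Binary -Value ([byte[]]$cert.GetCertHash()) -Force | Out-Null
}

# List candidates first, then bind one explicitly:
Get-RdpUsableCertificate | Format-Table Thumbprint, Subject, NotAfter -AutoSize
# Set-RdpCertificate -Thumbprint '<thumbprint from the list above>'
```

A certificate that was imported without its private key does not appear in the list, which is the situation described in the original question.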