SSL/TLS protected RDP

From Windows Server 2003 SP1 it is possible to protect the RDP connection using SSL/TLS. This will give you a HUGE boost in security. Here is a simple way to set it up using a self signed certificate.

1. Create a self signed certificate using SelfSSL from the IIS 6.0 Resource Kit

   selfssl.exe /N:CN=LABDC01 /K:1024 /V:7 /S:1 /P:443

Note: If you already have IIS installed this will add the cert to the default website and if you are not going to use it you can disable SSL on that site. If you already have a SSL site on the computer you will need to back up the cert because this will be broken so you will need to recreate it. If you do not have IIS installed you will recieve an error message because the cert can’t be added to the default website but it will still be addad to the computer cert store.

2. Start Terminal Services Configuration and open properties of RDP. Click the edit button and select the correct certificate.

3. Select Security Layer SSL

Leave a Reply