Re: SSL and Remote Desktop

---

• From: "Brian Komar \(MVP\)" <brian.komar.nospam@xxxxxxxxxxxxxxxxx>
• Date: Thu, 28 Feb 2008 12:21:26 -0600

---

Your understanding of how SSL works is very flawed.
The SSL certificate for RDP is a *server-side* certificate (like *all* SSL applications)
GIving the certificate to users is a complete and utter waste of time.
Please see RFC 4346 for details on how SSL works.
What you are trying to do with certificate will *never* work, no matter whether you get the certificates from a commercial or private CA
Brian

"Sam Ramsey" <SamRamsey@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:11B6C5FB-E407-4B51-BD18-5DFB68C36979@xxxxxxxxxxxxxxxx

I want to secure it to limited users/computers. I wanted to create a SSL
certificate and only be able to manually pass out that certificate.

With Microsoft CA certificate, it didnt limit the user/computers.

Sam

"Brian Komar (MVP)" wrote:

How would a 3rd party cert solve your problem. The certificate encrypts the
connection, it does not limit logons no matter whether the cert is issued by
a private CA or a commercial CA
Brian

"Sam Ramsey" <SamRamsey@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:516B4B14-D9C9-49D2-BBE2-9F196D1E0237@xxxxxxxxxxxxxxxx
> How do I add a thrid party SSL certicate to remote desktop?
>
> I read all the documentation I can find about SSL and Remote Desktop > and
> the
> ones I find want me to use Microsoft CA Services. I tried that, however > it
> doesn't force only certain system to login. Any systems can login. Even
> though I can create a SSL Remote Desktop connection.
>
> I think it would be better if I went with a third party certifacte.
>
> Thanks,
>
> Sam

.

---

• References:
  • Re: SSL and Remote Desktop
    • From: Brian Komar \(MVP\)

• Prev by Date: Re: How can admin not have access to certain shares?
• Next by Date: server2008 password expiration disabled?
• Previous by thread: Re: SSL and Remote Desktop
• Next by thread: Re: SSL and Remote Desktop
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Proposal for a new PKI model (At least I hope its new) ... > Then the world would have no problem trusting your domain level PKI ... coined the term "certificate manufacturing" to distinquish from actual ... it turns out that one of the reasons for the SSL server domain name ... (sci.crypt) Re: New Method for Authenticated Public Key Exchange without Digital Certificates ... one of the motivating factors for the SSL domain name server ... server certificate, ... Was: PKI International Consortium ... (sci.crypt) Re: Is that secure : ... for that URL (via checking for a valid domain name certificate and the ... when they discovered that using SSL cut their thruput/performance ... The scenario about the website that you thought you were ... "payment" URL (for some website that the attackers were able to obtain ... (comp.security.misc) Re: MOD_SSL and MOD_AUTH_OPENVMS ... ## for proper server startup. ... ## SSL Support ... # List the ciphers that the client is permitted to negotiate. ... # Point SSLCertificateFile at a PEM encoded certificate. ... (comp.os.vms) Re: X.509 and ssh ... SSL establishes sessions, where in the cert / keys are exchanged only at the beginning of the session. ... supposedly one of the big drivers for certificate business in the mid-90s was in conjunction with financial transactions. ... that the typical financial transaction was 60-80 bytes and the payload overhead of having redundant and superfluous certificates was on the order of 4k-12k bytes. ... verified with the onfile public key. ... (comp.security.ssh)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2008-02