JSI Tip 9214. How do I configure a Windows Server 2003 terminal server to use TLS for server authentication?
March 30, 2005
Microsoft Knowledge Base Article 895433 contains the following summary and introduction:
SUMMARY
You can connect to a remote computer that is running Microsoft Windows Terminal Services by using a Remote Desktop Protocol connection. This kind of connection provides encryption for the data that is sent between the terminal server and the client computer. However, this kind of connection does not provide authentication for the terminal server. You may want to make sure that your terminal server is correctly authenticated before you connect to it. To do this, configure your terminal server to use Transport Layer Security (TLS) to authenticate the terminal server and to encrypt the data that is sent between the terminal server and the client computer.
To configure a TLS connection, you must configure both the terminal server and the client computer. To configure the terminal server, you must perform both the following steps:
You must install a valid certificate on the terminal server. |
You must configure the authentication settings by using the Terminal Services Configuration tool. |
To configure the client computer, you must perform both the following steps:
You must configure the client computer to trust the root Certification Authority that issued the terminal server's certificate. |
You must configure the authentication settings for the remote connection by using the Remote Desktop Connection program or by modifying the registry. |
INTRODUCTION
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
If you use the Remote Desktop Protocol (RDP) to connect to a terminal server, RDP provides data encryption but it does not provide authentication. Therefore, you cannot verify the identity of the terminal server. You can use Microsoft Windows Server 2003 Service Pack 1 (SP1) together with Transport Layer Security (TLS) version 1.0 to help increase terminal server security by using TLS for server authentication and to encrypt terminal server communications.
This article describes how to configure Windows Server 2003 SP1 to use TLS 1.0 for server authentication to encrypt terminal server communications.
About the Author
You May Also Like