Security – How to configure Remote Desktop Session Host Server to use 3rd party CA and certificates

Tags: certificate-authority, rdp, security

I'm trying to harden our RDP service so we can use a specific server without having to VPN into our network. I would like the RDP Session Host Server to use certificates from an authorized certificate authority like Verisign or RapidSSL. I can't seem to find any good tutorials covering this, if it's even possible. Right now we use the default self-signed certificate provided. When I choose 'Select', only the default self-signed cert is displayed. No other options. I'm not quite sure how to add our CA cert from our official cert authority. Is there a way to configure this for a 3rd party CA cert?


Also, for encryption level, is it more secure to set this to high or FIPS compliant? If you think it's unwise to expose the RDP service, please share.

Any info is greatly appreciated.

Thanks!

I guess I should add this server is also a member of an Active Directory Domain.

Best Answer

You should expose only your RD Gateway (port 443) to the internet, not the session host.


To import new certificates for RDS to use, you need to import/install them first into the certificate store.

You might want to read this two-part tutorial. Yes, I'm sorry, it is a plug. But I also really think it could help:

http://www.myotherpcisacloud.com/post/2011/11/23/Remote-Desktop-Services-Tutorial-1-(RD-Gateway).aspx

http://www.myotherpcisacloud.com/post/2011/11/25/Remote-Desktop-Services-Tutorial-2-(RD-Web-Access).aspx
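The following is an added worked example, not part of the answer above or of the linked tutorials. It shows the "import into the certificate store, then bind to the listener" step in PowerShell on the RD Session Host. The reason the 'Select' dialog in the question only shows the self-signed certificate is that RDS lists only certificates in the Local Computer Personal store that have a private key and the Server Authentication EKU; the script checks both before binding. The PFX path, password prompt and host name are assumptions for illustration. The numeric values are the documented Win32_TSGeneralSetting settings: SecurityLayer 2 = TLS, MinEncryptionLevel 3 = High, 4 = FIPS Compliant.

```powershell
# Added example (not the original answer's code). Run in an elevated PowerShell
# on the RD Session Host. Assumes the CA-issued certificate and private key are
# in C:\certs\rdsh.pfx and that its subject/SAN matches the name clients use.
$pfxPath = 'C:\certs\rdsh.pfx'                         # assumption: your PFX location
$pfxPass = Read-Host -AsSecureString 'PFX password'

# 1. Import into the Local Computer Personal store. RDS only offers certificates
#    from Cert:\LocalMachine\My that carry a private key and the Server
#    Authentication EKU, which is why a cert imported elsewhere never appears.
$cert = Import-PfxCertificate -FilePath $pfxPath `
                              -CertStoreLocation 'Cert:\LocalMachine\My' `
                              -Password $pfxPass

# 2. Sanity checks before binding.
if (-not $cert.HasPrivateKey) {
    throw 'Certificate imported without a private key; RDS cannot use it.'
}
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if (-not ($eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid }))) {
    throw 'Certificate lacks the Server Authentication EKU; RDS will not list it.'
}
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($cert.NotAfter); plan the renewal now."
}

# 3. Bind the certificate to the RDP-Tcp listener by SHA-1 thumbprint.
$ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
                    -Class Win32_TSGeneralSetting `
                    -Filter "TerminalName='RDP-Tcp'"
Set-WmiInstance -InputObject $ts -Arguments @{ SSLCertificateSHA1Hash = $cert.Thumbprint } | Out-Null

# 4. Require TLS for the listener and set the minimum encryption level.
#    SecurityLayer: 0 = RDP, 1 = Negotiate, 2 = TLS.
#    MinEncryptionLevel: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant.
$ts.SetSecurityLayer(2)   | Out-Null
$ts.SetEncryptionLevel(3) | Out-Null   # use 4 only if FIPS policy is enforced domain-wide

# 5. Verify what the listener is now using.
Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
              -Filter "TerminalName='RDP-Tcp'" |
    Select-Object TerminalName, SSLCertificateSHA1Hash, SecurityLayer, MinEncryptionLevel
```

After running this, reopen the RD Session Host Configuration dialog: the imported certificate should now be the one shown under 'Select'. Choosing FIPS Compliant (4) over High (3) only narrows the cipher suites to the FIPS-validated set; it does not change the trust question, which is settled by the CA-issued certificate. And, as the answer says, the listener you have just hardened should still sit behind the RD Gateway on 443 rather than being published directly.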