10.4. Procedure – Verifying the certificate of the RDP server in encrypted connections


By default, PSM accepts any certificate shown by the server. To accept only verified certificates, complete the following steps:


  1. Create a list of trusted CA certificates that will be used to verify the certificate of the server. For details, see Procedure 7.11, Verifying certificates with Certificate Authorities.

  2. Navigate to RDP Control > Connections and select the connection policy to modify.

  3. Select Verify server certificate. Note that this setting has no effect if the session uses Network Level Authentication, because in such cases PSM uses a different method to validate the server certificate.

    Figure 10.3. RDP Control > Connections — Using SSL-encryption in RDP connections

  4. Select the CA list to use for verifying the certificate of the server from the Trusted CA list field.

  5. Click .

  6. Optional step: Configure your Windows servers to display a certificate signed with the above Certificate Authority for incoming RDP connections. To accomplish this, complete the following steps:

    1. Generate a certificate that contains the IP address or the hostname of the target server in its Common Name (CN) field and sign it with the Certificate Authority whose certificate you added to the Trusted CA list of PSM.

    2. Convert the signed certificate of the target server to PKCS12 format that includes the private key.

    3. Start the Microsoft Management Console (MMC) on the target server and select Add Snap-in > Certificates > Computer Account.

    4. Right-click on the Personal store, then select All Tasks > Import, and select the certificate created for the server.

    5. Complete the Certificate Import Wizard, but do not select the Extended certificate properties option.

    6. Select Start > Administrative tools > Remote Desktop > Remote Desktop Session Host Configuration.

    7. Right-click on the connection you want to configure and select Properties > General.

    8. Set the Security layer to SSL.

    9. Click Certificate > Select and select the imported certificate. The server will use this certificate to prove its identity for the incoming RDP connections.
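
Sub-steps 1 and 2 of the optional step, carried out with the OpenSSL command line, as an added example that is not part of the original guide. The throwaway CA, the host name, the password and the function names are constructed; in practice the signing CA is the one whose certificate is on the Trusted CA list of PSM. The serverAuth and subjectAltName extensions go beyond what the step itself states.

```shell
#!/bin/sh
# Added example. Constructed values: the demo CA, host names and passwords passed in.
set -eu

# Throwaway CA standing in for the CA on PSM's Trusted CA list.
make_demo_ca() {  # $1 = working directory
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo RDP CA" \
        -config "$1/req.cnf" -extensions v3_ca \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Key and CSR with the host in CN, signed by the CA, then exported as PKCS12.
issue_rdp_cert() {  # $1 = working directory, $2 = hostname or IPv4, $3 = PKCS12 password
    # req.cnf is written by make_demo_ca; with a real CA, drop -config.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -config "$1/req.cnf" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
    # An IPv4 address needs an IP: SAN entry, a host name a DNS: entry.
    case "$2" in *[!0-9.]*) san="DNS:$2" ;; *) san="IP:$2" ;; esac
    printf 'extendedKeyUsage = serverAuth\nsubjectAltName = %s\n' "$san" > "$1/ext.cnf"
    openssl x509 -req -in "$1/server.csr" -days 365 -sha256 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/ext.cnf" -out "$1/server.crt" 2>/dev/null
    # The PKCS12 bundle carries the private key, the server certificate and the CA certificate.
    openssl pkcs12 -export -inkey "$1/server.key" -in "$1/server.crt" \
        -certfile "$1/ca.crt" -passout "pass:$3" -out "$1/server.p12"
}

# Sanity check before importing: the certificate must chain to the trusted CA.
check_rdp_cert() {  # $1 = working directory; prints the subject on success
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null
    openssl x509 -in "$1/server.crt" -noout -subject
}
```

The resulting server.p12 is the file to import into the Personal store of the target server.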