10.4. Procedure – Using SSL-encrypted RDP connections


To enable SSL-encrypted RDP connections, you have two options:

  • Enable Network Level Authentication (NLA, also called CredSSP). To enable NLA in RDP connections, see Section 10.3, Network Level Authentication (NLA) with PSM. Note that Network Level Authentication uses SSL-encryption with self-signed certificates, so you do not have to configure a signing CA.

  • Enable RDP5 connections and configure a signing CA. If both the client and the server supports SSL encryption, the connection will be encrypted. To use this solution, complete the following steps.


  1. Navigate to RDP Control > Settings, and select the Enable RDP5 option in the protocol settings of the connection. In the default setting, this is enabled. For details, see Procedure 10.2, Creating and editing protocol-level RDP settings.

  2. Create a certificate authority that will be used to sign the certificates that PSM shows to the client. For details, see Procedure 7.12, Signing certificates on-the-fly.

  3. Navigate to RDP Control > Connections and select the connection policy to modify.

  4. Figure 10.3. RDP Control > Connections — Using SSL-encryption in RDP connections

    RDP Control > Connections — Using SSL-encryption in RDP connections

    In the Signing CA field, select the certificate authority to use.


    SSL-encrypted RDP connections will be automatically rejected if no signing CA is selected.

  5. Click .