Using certificates in Remote Desktop Services
- 08/31/2016
Remote Desktop Services uses certificates to sign the communication between two computers. When a client connects to a server, the identity of the server and the information from the client are validated using certificates.
Using certificates for authentication prevents possible man-in-the-middle attacks. When a communication channel is set up between the client and the server, the authority that generates the certificates vouches that the server is authentic. As long as the client trusts the server it is communicating with, the data being sent to and from the server is considered secure.
Certificates in Remote Desktop Services need to meet the following requirements:
- The certificate is installed in the local computer's "Personal" certificate store.
- The certificate has a corresponding private key.
- The Enhanced Key Usage extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). You can also use certificates with no Enhanced Key Usage extension.
Remote Desktop listener certificate configurations
- 12/09/2021
This article describes the methods to configure listener certificates on a Windows Server 2012 R2-based or Windows Server 2012-based server that is not part of a Remote Desktop Services (RDS) deployment.
Applies to: Windows Server 2012 R2
Original KB number: 3042780