Skip to content

TLS security layer

Jump to bottom Edit New page
speidy edited this page Nov 21, 2014 · 4 revisions

Hello,

xrdp is now accepts TLS security layer connections from RDP clients.
in order to use TLS in xrdp server, you will need:

1. an x509 certificate and a private key.
Self-signed certificate can be generated using openssl tool:

   example: openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
  • you must point xrdp server to the certificate and key files inside xrdp.ini config file:
   certificate=<path to certificate file>
   key_file=<path to key file>
  • xrdp's default paths for certificate and key are /etc/xrdp/cert.pem and /etc/xrdp/key.pem
  • Note: you may give read permissions on the key file only for root (xrdp is running as root).
2. Set xrdp to negotiate TLS:
in xrdp.ini file, set: 
   security_layer=tls

Notes:
1. Security layer negotiation is not fully implemented yet.
2. TLS direct connections are not supported by xrdp for now (http://msdn.microsoft.com/en-us/library/cc240799.aspx)

Enjoy,
Idan.

Add a custom footer
Add a custom sidebar
Clone this wiki locally