On 10 Jun 2010 at 9:30, Marsh Ray wrote: > On 6/10/2010 9:10 AM, Thor (Hammer of God) wrote: > > To be specific, it actually doesn't require a "client" cert in the > > strictest sense. > > But I thought it could be configured to require a client cert?
Some users would probably be content using stunnel (+OpenSSL) as SSL wrapper on server side and the "-v 3" option in config which I think should force validation against locally installed certificates. /J > > > You can configure certificate parameters on the > > server in such a way that certificate trust chains must be honored > > (close enough) > > I don't get your meaning here. What cert chains would the server be > validating if not client certs? The server's own? > > Or are you saying it's still the client's option to not present a client > cert? > > > but if you want true client authentication based on a > > certificate, you would have to publish the RDP over RPC/HTTP(s) via > > something like ISA where you can specifically configure a listener to > > require client authentication certificates to be "presented" to the > > publisher, but that's not really the same thing. > > I kind of thought we had it configured something like that (but I > haven't gotten in too deep yet). > > http://technet.microsoft.com/en-us/library/cc731264%28WS.10%29.aspx > > Thanks for the heads-up, I'll definitely look at this more closely as I > have some projects at work which involve MSTS and TSG. > > - Marsh > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
