Decrypt Windows 2008 Server Remote Desktop Using Known Certificate and Key
Article ID: 173831
Products
SSL Visibility Appliance Software
Issue/Introduction
This article provides the steps to configure the SSL Visibility appliance (SSLV) to decrypt traffic from an RDP session on a Windows 2008 Server.
Resolution
The steps are as follows:
Log in to the Windows Server
Open IIS Manager
Create a cert/key via IIS Server Certificate manager. (This will be in .pfx format)
Export the .pfx file as it will need to be imported into the SSLV
If a .pfx file has been created with openssl, import it here using the “Import” action.
Ex. openssl pkcs12 -export -in RDcert.pem -inkey RDkey.pem -out RDCert_Key2.pfx
Open mmc.exe
Add the Terminal Services Configuration snap-in (alternatively, click “Start”, then type tsconfig.msc)
Open RDP-Tcp connection
At the bottom of the pop-up window there is a certificate name that is currently being used for RDP. Press “Select” and choose the one that was previously created
Open the SSLV Web UI
Import the previously created key/cert into the Known Certificates With Keys PKI store
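
For the openssl route in the steps above, the certificate and key can be checked before the file is imported anywhere. The script below is an added example, not part of the original article: it confirms that the key belongs to the certificate, builds the .pfx with the article's openssl command, and prints the certificate's SHA-1 thumbprint. The function names and the PFX_PASS environment variable (export passphrase) are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). File names follow the article's
# openssl command; PFX_PASS is an assumed environment variable that holds
# the export passphrase so the step runs without a prompt.

# Succeeds only if the private key belongs to the certificate: both
# commands emit the same PEM public key when the pair matches.
key_matches_cert() {  # usage: key_matches_cert CERT.pem KEY.pem
    kc_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    kc_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$kc_cert_pub" ] && [ "$kc_cert_pub" = "$kc_key_pub" ]
}

# Build the .pfx, refusing a mismatched certificate/key pair.
build_pfx() {  # usage: build_pfx CERT.pem KEY.pem OUT.pfx
    if ! key_matches_cert "$1" "$2"; then
        echo "error: $2 is not the private key for $1" >&2
        return 1
    fi
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout env:PFX_PASS
}

# Print the SHA-1 thumbprint (40 hex digits, no colons) of the
# certificate stored in a .pfx file.
pfx_thumbprint() {  # usage: pfx_thumbprint FILE.pfx
    pt_pem=$(openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS 2>/dev/null) || return 1
    printf '%s\n' "$pt_pem" | openssl x509 -noout -fingerprint -sha1 | sed 's/.*=//; s/://g'
}

# Stand-alone use: sh make_rdp_pfx.sh RDcert.pem RDkey.pem RDCert_Key2.pfx
if [ "$#" -eq 3 ]; then
    build_pfx "$1" "$2" "$3" && pfx_thumbprint "$3"
fi
```

Compare the printed value with the Thumbprint field Windows shows for the certificate selected on the RDP-Tcp connection. OpenSSL 3.x encrypts the .pfx with newer algorithms by default, which older Windows releases can fail to import; its `pkcs12 -export -legacy` option selects the older ones.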