{"id":1351,"date":"2023-11-15T14:27:20","date_gmt":"2023-11-15T06:27:20","guid":{"rendered":"https:\/\/aichh.com\/?p=1351"},"modified":"2023-11-15T14:27:20","modified_gmt":"2023-11-15T06:27:20","slug":"%e7%94%9f%e6%88%90%e6%9b%b4%e9%95%bf%e6%9c%89%e6%95%88%e6%9c%9f%e7%9a%84-rdp-ssl-%e8%87%aa%e7%ad%be%e5%90%8d%e8%af%81%e4%b9%a6","status":"publish","type":"post","link":"https:\/\/aichh.com\/1351.html","title":{"rendered":"\u751f\u6210\u66f4\u957f\u6709\u6548\u671f\u7684 RDP SSL \u81ea\u7b7e\u540d\u8bc1\u4e66"},"content":{"rendered":"

\u9ed8\u8ba4\u7684 RDP \u81ea\u7b7e\u540d\u8bc1\u4e66\u6709\u6548\u671f\u53ea\u6709\u534a\u5e74, \u5bf9\u4e8e\u6211\u6765\u8bf4\u592a\u77ed, \u4e00\u65e6\u8fc7\u671f, \u8fde\u63a5 rdp \u65f6\u63d0\u793a\u8bc1\u4e66\u4e0d\u53d7\u4fe1\u4efb\u7684\u8b66\u544a\u5c31\u5f88\u70e6\u607c, \u4fe1\u4efb\u6216\u4e0d\u4fe1\u4efb\u90fd\u9ebb\u70e6.<\/p>\n

\u53ef\u4ee5\u4f7f\u7528\u514d\u8d39\u6216\u6536\u8d39\u7684 SSL \u8bc1\u4e66, \u5e76\u914d\u7f6e\u81ea\u52a8\u66f4\u65b0\u8bc1\u4e66\u670d\u52a1. \u4f46\u8fd9\u6837\u8fd8\u662f\u6709\u4e0d\u4fbf\u7684\u5730\u65b9, \u6240\u4ee5\u6211\u9009\u62e9\u53e6\u4e00\u79cd\u65b9\u5f0f: \u751f\u6210\u66f4\u957f\u6709\u6548\u671f\u7684\u81ea\u7b7e\u540d SSL \u8bc1\u4e66, \u4f46\u6ce8\u610f: \u66f4\u957f\u6709\u6548\u671f\u7684 SSL \u8bc1\u4e66\u53ef\u80fd\u589e\u52a0\u5b89\u5168\u98ce\u9669.<\/p>\n

\u4e3a\u4f55\u4e0d\u81ea\u5efa CA ? \u56e0\u4e3a\u62c5\u5fc3\u7ba1\u7406\u4e0d\u5584, \u5bfc\u81f4\u81ea\u5efa CA \u6210\u4e3a\u5176\u4ed6\u8ba1\u7b97\u673a\u7684\u5b89\u5168\u98ce\u9669\u6765\u6e90.<\/p>\n

\u4f7f\u7528 powershell, \u4e24\u884c\u4ee3\u7801\u641e\u5b9a<\/h2>\n
\n
$newcert = New-SelfSignedCertificate -Subject \"CN=$([System.Net.Dns]::GetHostName())\" -KeyLength 4096 -NotAfter $([datetime]::Now.AddYears(5)) -KeyExportPolicy NonExportable -TextExtension @(\"2.5.29.37={text}1.3.6.1.5.5.7.3.1\", \"2.5.29.19={critical}{text}ca=0\") -Type SSLServerAuthentication -CertStoreLocation Cert:LocalMachineMy\r\n\r\nSet-CimInstance -Namespace 'rootcimv2TerminalServices' -Query 'SELECT * FROM Win32_TSGeneralSetting WHERE TerminalName = \"RDP-Tcp\"'  -Property @{ SSLCertificateSHA1Hash = $newcert.Thumbprint }\r\n<\/code><\/pre>\n<\/div>\n
\u73b0\u5728, \u91cd\u542f\u8ba1\u7b97\u673a\u6216\u8005\u91cd\u542f \u201cRemote Desktop Services\u201d \u670d\u52a1\u5373\u53ef\u4f7f\u7528\u65b0\u8bc1\u4e66\u8fde\u63a5\u3002<\/p>\n
\u9a8c\u8bc1\uff1a<\/p>\n
\n
# \u67e5\u770b\u65b0\u8bc1\u4e66\u7684\u6307\u7eb9\r\nls Cert:LocalMachineMy\r\n# \u67e5\u770b\u6307\u5b9a\u7684 SSL \u8bc1\u4e66\u6307\u7eb9\r\nGet-CimInstance -Namespace 'rootcimv2TerminalServices' -Query 'SELECT * FROM Win32_TSGeneralSetting WHERE TerminalName = \"RDP-Tcp\"'\r\n<\/code><\/pre>\n<\/div>\n
\u53c2\u6570\u89e3\u91ca<\/h3>\n
\u7b2c\u4e00\u6761 powershell \u547d\u4ee4\u751f\u6210\u4e00\u4e2a\u81ea\u7b7e\u540d\u8bc1\u4e66:<\/p>\n