Configuring RDP File Signing
Enabling RDP File Signing
To enable RDP file signing, edit the Rdp section of the Core configuration file located at the path listed below:
With a certificate thumbprint:
"Rdp": {
  "UseRemoteApp": false,
  "SignRdpFile": true,
  "Certificate": "16c214ba7dec702a7ce5e4ac727502b0c0d448e2",
  "Password": ""
},
With a path to the certificate:
"Rdp": {
  "UseRemoteApp": false,
  "SignRdpFile": true,
  "Certificate": "/etc/",
  "Password": "1234"
},
Description of the Parameters of the Rdp Section of Configuration File
- SignRdpFile — enables RDP file signing
- Certificate — certificate thumbprint or path to the certificate itself
- Password — certificate password. Should be specified if Certificate is a path to the certificate itself
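The Python code below is an added example, not part of the product or its documentation. It checks an Rdp section against the rules above before the Core component is restarted: a thumbprint takes no password, while a path must point to an existing file and needs one. The function names are hypothetical, the 40-hex-digit test assumes a SHA-1 thumbprint as in the sample above, and the file-permission check is an extra precaution that the page does not require.

```python
import json
import os
import re
import stat

# A Windows certificate thumbprint is the SHA-1 hash of the certificate: 40 hex digits.
THUMBPRINT = re.compile(r"[0-9A-Fa-f]{40}")


def check_rdp_section(rdp: dict) -> list:
    """Return the problems found in an Rdp section; an empty list means it is consistent."""
    if rdp.get("SignRdpFile") is not True:
        return ["SignRdpFile is not true: RDP files will not be signed"]
    cert = rdp.get("Certificate") or ""
    password = rdp.get("Password") or ""
    if THUMBPRINT.fullmatch(cert):
        # Thumbprint form: the key comes from the certificate store, so no password.
        return ["Password is set but Certificate is a thumbprint"] if password else []
    problems = []
    # Anything else is treated as a path to a certificate file (checked on this host).
    if not os.path.isfile(cert):
        problems.append(f"Certificate {cert!r} is neither a thumbprint nor an existing file")
    elif stat.S_IMODE(os.stat(cert).st_mode) & 0o007:
        # Added precaution, not a product requirement: the file holds a private key.
        problems.append(f"{cert} is accessible to other users; tighten its permissions")
    if not password:
        problems.append("Password is required when Certificate is a path")
    return problems


def check_fragment(text: str) -> list:
    """Parse a fragment as the page prints it ('"Rdp": {...},') and check it."""
    return check_rdp_section(json.loads("{" + text.strip().rstrip(",") + "}")["Rdp"])


# Constructed samples that mirror the two fragments shown above.
THUMBPRINT_FORM = '''"Rdp": {
  "UseRemoteApp": false, "SignRdpFile": true,
  "Certificate": "16c214ba7dec702a7ce5e4ac727502b0c0d448e2", "Password": ""
},'''
TRUNCATED_PATH_FORM = '''"Rdp": {
  "UseRemoteApp": false, "SignRdpFile": true,
  "Certificate": "/etc/", "Password": "1234"
},'''

if __name__ == "__main__":
    for name, fragment in (("thumbprint", THUMBPRINT_FORM), ("path", TRUNCATED_PATH_FORM)):
        print(name, check_fragment(fragment) or "OK")
```

The second sample is flagged because its Certificate value names a directory rather than a certificate file.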
After editing the configuration file, restart the Core component.
Windows
Restart IIS.
Linux
Go to the folder /etc/axidian/axidian-privilege:
cd /etc/axidian/axidian-privilege
Restart the Axidian Privilege Core component:
sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate
or
sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate
Certificate Setup
To enable RDP file signing, you need a certificate issued by a certification authority.
All actions described below take place on a management server with the Core component installed.
Windows with Thumbprint
- Add the certificate to the local computer's Personal certificate store.
- Open the certificate menu and select All Tasks → Manage Private Keys....
- Click Add...; in the window that opens, click Locations..., select the local computer, and click OK.
- In the Enter the object names to select field, enter IIS_IUSRS and click OK.
- Edit the configuration file by specifying the certificate thumbprint without a password.
Linux with Key Importing in PFX Format
Place the certificate in PFX format, including the private key and protected with a password, at the following path: /etc/axidian/axidian-privilege/keys/rdp-sign.pfx.
Edit the configuration file, specifying the path to the certificate and the password.
In the file /etc/axidian/axidian-privilege/docker-compose.management-server.yml, add the following line to the core → volumes section to pass the certificate through to the container:
volumes:
  - ./core/events:/var/lib/axidian/axidian-privilege/events
  - ./core/appsettings.json:/app/appsettings.json:ro
  - ./keys/shared/protector:/etc/axidian/axidian-privilege/keys/shared/protector:ro
  - ./keys/core:/etc/axidian/axidian-privilege/keys/core:ro
  - ./ca-certificates:/usr/local/share/ca-certificates:ro
  - ./logs/core:/app/logs
  - ./keys/rdp-sign.pfx:/etc/axidian/axidian-privilege/keys/rdp-sign.pfx