• Created by Unknown User (anastasia.antonenko), last modified on Dec 11, 2023

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Enabling RDP File Signing

To do so you need to edit the Rdp section of the Core configuration file located along the path listed below:

Windows

C:\inetpub\wwwroot\pam\core

 "Rdp": {
    "UseRemoteApp": false,
    "SignRdpFile": true,
    "Certificate": "16c214ba7dec702a7ce5e4ac727502b0c0d448e2",
    "Password": ""
  },

Linux

/etc/indeed/indeed-pam/core

 "Rdp": {
    "UseRemoteApp": false,
    "SignRdpFile": true,
    "Certificate": "/etc/",
    "Password": "1234"
  },

Description of the Parameters of the Rdp Section of Configuration File

  • SignRdpFile — enable RDP file signature
  • Certificate — certificate thumbprint or path to the certificate itself
  • Password — certificate password. Should be specified if Certificate is a path to the certificate itself

After editing the configuration file restart the Core component.

Windows

Restart IIS.

Linux

Go to the folder /etc/indeed/indeed-pam:

cd /etc/indeed/indeed-pam

Restart the Indeed Identity PAM Core component:

sudo docker compose -f docker-compose.management-server.yml up -d core --force-recreate
or
sudo docker-compose -f docker-compose.management-server.yml up -d core --force-recreate

Certificate Setup

To enable RDP file signing, you need a certificate issued by a certification authority.

All actions described below take place on a management server with the Core component installed.

Windows with Fingerprint

  1. Add the certificate to your computer's personal storage.

  2. Open certificate menu, select All TasksManage Private Keys....
  3. Click Add..., in the window that opens, click Locations..., select local computer OK.
  4. In the Enter the object names to select field enter IIS_IUSRSOK.

  5. Edit the configuration file by specifying the certificate thumbprint without a password.

Linux with Key Importing in PFX Format

Import a certificate in PFX format with a private key and password in the folder: /etc/indeed/indeed-pam/keys/rdp-sign.pfx.

Edit the configuration file, specifying the path to the certificate and the password.

To the following file /etc/indeed/indeed-pam/docker-compose.management-server.yml in the core - volumes section add the following line to organize certificate forwarding to the container:

volumes:
      - ./core/events:/var/lib/indeed/indeed-pam/events
      - ./core/appsettings.json:/app/appsettings.json:ro
      - ./keys/shared/protector:/etc/indeed/indeed-pam/keys/shared/protector:ro
      - ./keys/core:/etc/indeed/indeed-pam/keys/core:ro
      - ./ca-certificates:/usr/local/share/ca-certificates:ro
      - ./logs/core:/app/logs
      - ./keys/rdp-sign.pfx:/etc/indeed/indeed-pam/keys/rdp-sign.pfx


  • No labels