How to Enable Certificate Revocation Checking on a Remote Desktop Gateway Client

The RD Gateway is pretty secure by itself, but if you want to enable certificate revocation checking on the client side, here is how to do it.

An RD Gateway server is configured with a server authentication certificate that is used for authenticating and securing the communication between the RD Gateway client and the RD Gateway server. To learn more about certificates on RD Gateway, see the blog Introduction to TS Gateway certificates.

To help maintain the integrity of an organization's public key infrastructure (PKI), the administrator of a certification authority (CA) must revoke a certificate if the subject of the certificate leaves the organization, if the certificate subject's private key has been compromised, or if some other security-related event dictates that it is no longer desirable to have a certificate considered valid. When a certificate is revoked by a CA, it is added to that CA's certificate revocation list (CRL). To learn more, see the TechNet article Revoking certificates and publishing CRLs.

By default, the RD Gateway client is not configured to check whether the certificate installed on the RD Gateway server has been revoked. If you want your RD Gateway clients to check for certificate revocation and proceed with the connection only if the server certificate is not revoked, run the following command at a command prompt on the RD Gateway client computer:

reg add "HKCU\Software\Microsoft\Terminal Server Gateway\Transports\Rpc" /v CheckForRevocation /t REG_DWORD /d 1
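The same setting applied and verified from PowerShell, as an added example that is not part of the original post. It assumes only the registry path, value name and DWORD value given in the reg command above; the function names are my own. Because the key lives under HKCU, the script affects only the user running it and must be run once for each user profile that connects through the gateway.

```powershell
# Added example (not from the original post): audit and enable the
# CheckForRevocation setting for the RD Gateway client of the current user.
# Registry path and value come from the reg command above; nothing else is assumed.

$KeyPath   = 'HKCU:\Software\Microsoft\Terminal Server Gateway\Transports\Rpc'
$ValueName = 'CheckForRevocation'

function Get-RdGatewayRevocationCheck {
    # Returns $true only when the value exists and is exactly 1 (revocation checking on).
    if (-not (Test-Path -Path $KeyPath)) { return $false }
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return ($item.$ValueName -eq 1)
}

function Enable-RdGatewayRevocationCheck {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    # The key is not present on a client that has never had the setting applied,
    # so create it first; -WhatIf shows what would change without touching the registry.
    if (-not (Test-Path -Path $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set REG_DWORD to 1')) {
        Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 1 -Type DWord
    }
}

# Audit first, change only if needed, then re-read the value to confirm the change.
if (Get-RdGatewayRevocationCheck) {
    Write-Output 'CheckForRevocation is already enabled (1).'
} else {
    Write-Output 'CheckForRevocation is missing or disabled; enabling it.'
    Enable-RdGatewayRevocationCheck
    if (Get-RdGatewayRevocationCheck) {
        Write-Output 'CheckForRevocation is now enabled (1).'
    } else {
        Write-Warning 'Could not verify that CheckForRevocation was set.'
    }
}
```

Run `Enable-RdGatewayRevocationCheck -WhatIf` to preview the change. Re-reading the value after writing it is the check a practitioner wants before rolling this out with a logon script or Group Policy preference, since a silent failure here means clients keep connecting without ever consulting the CA's CRL.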

