Skip to content

TLS security layer

Idan Freiberg edited this page Jan 16, 2017 · 5 revisions


xrdp is now accepts TLS security layer connections from RDP clients.
in order to use TLS in xrdp server, you will need:

1. an x509 certificate and a private key.
Self-signed certificate can be generated using openssl tool:

   example: openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
  • you must point xrdp server to the certificate and key files inside xrdp.ini config file:
   certificate=<path to certificate file>
   key_file=<path to key file>
  • xrdp's default paths for certificate and key are /etc/xrdp/cert.pem and /etc/xrdp/key.pem
  • Note: you may give read permissions on the key file only for root (xrdp is running as root).
2. Set xrdp to negotiate TLS:
in xrdp.ini file, set:

TLS direct connections are not supported by xrdp for now (


You can’t perform that action at this time.