TLS security layer

Idan Freiberg edited this page Jan 16, 2017 · 5 revisions


xrdp is now accepts TLS security layer connections from RDP clients.
in order to use TLS in xrdp server, you will need:

1. an x509 certificate and a private key.
Self-signed certificate can be generated using openssl tool:

   example: openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
  • you must point xrdp server to the certificate and key files inside xrdp.ini config file:
   certificate=<path to certificate file>
   key_file=<path to key file>
  • xrdp's default paths for certificate and key are /etc/xrdp/cert.pem and /etc/xrdp/key.pem
  • Note: you may give read permissions on the key file only for root (xrdp is running as root).
2. Set xrdp to negotiate TLS:
in xrdp.ini file, set:

TLS direct connections are not supported by xrdp for now (


You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.