AD RMS: HTTPS should be used for the AD RMS Cluster URL

Updated: August 31, 2012

Applies To: Windows Storage Server 2008, Windows Storage Server 2008 R2, Windows Storage Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Active Directory Rights Management Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).

Issue

For secure communication between clients and the AD RMS server, HTTPS should be used for the AD RMS cluster URL.

Impact

The communication between clients and the AD RMS server is not secure.

Resolution

If this is a new setup, uninstall and redeploy AD RMS using an SSL connection.

It is recommended that Secure Socket Layer / Transport Layer Security (SSL/TLS) is used to provide server authentication and data encryption for the users connecting to the AD RMS server. SSL is not required but it is highly recommended in order to encrypt traffic over the wire. If SSL is not used, the traffic will be in clear text. It is required for ADFS.

SSL requires that your server have a valid SSL certificate installed for the Web site. The required Web Server certificates may be issued by a Microsoft Certificate Authority or purchased externally from a 3rd party. When planning the solution deployment you should consider how these certificates will be made available to the AD RMS servers.

Additional references

For more information, see How to Setup SSL on IIS 7.0 (https://go.microsoft.com/fwlink/?LinkId=154592) and Import an SSL Certificate Using Internet Information Services (IIS) Manager (https://go.microsoft.com/fwlink/?LinkId=154912)