2.4.3 Use SSL

The HCEP uses HTTP (as specified in [RFC2616]) or HTTP over TLS (as specified in [RFC2818]) as the transport for its messages. To configure how HCEP connects to the HRA, a registry setting entry MUST be represented in the machine-specific Registry Policy file as follows:

Key: Software\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups\<Server-Group>

Value: "AllowNonSSL" or one of the value names specified in the table in [MS-GPREG] section 3.2.5.1 specifying how the value is deleted.

Type: REG_DWORD.

Size: Equal to the size of the Data field.

Data: A 32-bit unsigned integer.

| Value | Meaning |
|---|---|
| 0x00000000 | Disables SSL. |
| 0x00000001 | Enables SSL. |

Communication with the HRA is always performed using SSL when HRA auto-discovery is used; see section 2.4.1.
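The following is an added example, not part of the specification: it reads a machine Registry Policy file and reports the AllowNonSSL data for each server group, labelled with the meanings from the table above. It assumes the PReg layout from [MS-GPREG] (signature "PReg", version 1, then UTF-16LE `[key;value;type;size;data]` entries); the function names and the sample server groups are constructed, and the deletion value names from [MS-GPREG] section 3.2.5.1 are not handled.

```python
import struct

# Key prefix and value meanings come from this section; PReg layout is assumed from [MS-GPREG].
HCS_GROUPS = r"Software\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups" + "\\"
REG_DWORD = 4
MEANING = {0: "Disables SSL", 1: "Enables SSL"}

def u16(text):
    return text.encode("utf-16-le")

def build_entry(key, value, number):  # builds constructed sample input (REG_DWORD only)
    return (u16(f"[{key}\0;{value}\0;") + struct.pack("<I", REG_DWORD) + u16(";")
            + struct.pack("<I", 4) + u16(";") + struct.pack("<I", number) + u16("]"))

def read_cstr(buf, pos):  # NUL-terminated UTF-16LE string -> (text, next offset)
    end = pos
    while buf[end:end + 2] != b"\0\0":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def skip(buf, pos, ch):  # require delimiter ch at pos and step over it
    if buf[pos:pos + 2] != u16(ch):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def allow_non_ssl_settings(pol):
    """Return {server group: (data, meaning)} for every AllowNonSSL REG_DWORD entry."""
    if pol[:8] != b"PReg" + struct.pack("<I", 1):
        raise ValueError("not a version 1 Registry Policy file")
    pos, found = 8, {}
    while pos < len(pol):
        key, pos = read_cstr(pol, skip(pol, pos, "["))
        value, pos = read_cstr(pol, skip(pol, pos, ";"))
        reg_type, = struct.unpack_from("<I", pol, skip(pol, pos, ";"))
        size, = struct.unpack_from("<I", pol, skip(pol, pos + 6, ";"))
        start = skip(pol, pos + 12, ";")          # data begins after the last ';'
        pos = skip(pol, start + size, "]")
        if (key.lower().startswith(HCS_GROUPS.lower()) and value.lower() == "allownonssl"
                and reg_type == REG_DWORD and size == 4):
            n = struct.unpack_from("<I", pol, start)[0]
            found[key[len(HCS_GROUPS):]] = (n, MEANING.get(n, "not in table"))
    return found

# Constructed sample policy file; "GroupA" and "GroupB" are made-up server group names.
SAMPLE = (b"PReg" + struct.pack("<I", 1)
          + build_entry(HCS_GROUPS + "GroupA", "AllowNonSSL", 1)
          + build_entry(HCS_GROUPS + "GroupB", "AllowNonSSL", 0)
          + build_entry(r"Software\Policies\Example", "Other", 7))
```

Calling `allow_non_ssl_settings` on the bytes of a policy file returns one entry per server group, so groups whose data is 0x00000000 can be listed for review.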