2.4.3 Use SSL
The HCEP uses HTTP (as specified in [RFC2616]) or HTTP over TLS (as specified in [RFC2818]) as the transport for its messages. To configure how HCEP connects to the HRA, a registry setting entry MUST be represented in the machine-specific Registry Policy file as follows:
Key: Software\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups\<Server-Group>
Value: "AllowNonSSL" or one of the value names specified in the table in [MS-GPREG] section 3.2.5.1 specifying how the value is deleted.
Type: REG_DWORD.
Size: Equal to the size of the Data field.
Data: A 32-bit unsigned integer.
|
Value |
Meaning |
|---|---|
|
0x00000000 |
Disables SSL. |
|
0x00000001 |
Enables SSL. |
Communication with the HRA is always performed using SSL when HRA auto-discovery is used; see section 2.4.1.