I'm using Remote Desktop on Windows 7 RC1, connecting to a Windows 2008 server.
Every time I start a connection, I get the following popup window :-
The certificate problem makes sense -> it was created from my own server, which is not an official certificate authority. Sure. So I need to tell my machine that any certificate that comes from my server, can you please accept.
So I view the certificate and install it. I let it determine the best place to install it. e.g.
Unfortunately, every time i connect, i still get that popup question.
So I tried to manually tell where to install it. I said to install it at e.g.
but still i get the warning question.
So .. does anyone have any suggestions?
The certificate needs to be added to your Local Computer's "Trusted Root Certification Authorities" store. Adding it to the user's "Trusted Root Certification Authorities" store is not enough! If this sounds confusing don't worry - it is.
If you think you already installed the certificate, skip to "Move Certificate on Client."
Export Certificate on Server
First the certificate needs to be exported to a file. On the server, i.e. the computer you'd like to connect to:
%windir%\System32\mmc.exe
File -> Add/Remove Snap-in...
Certificates -> Add > -> Computer account -> Local computer -> Finish
OK the Add or Remove Snap-ins dialog. The console should now contain Certificates (Local Computer).
Certificates (Local Computer) -> Remote Desktop -> Certificates. There should be a single certificate with your computer's name.
Details tab.
Copy to File...
DER encoded binary X.509 (.CER).
<computername>.cer.

Another way to get the certificate is to follow steps 6 to 10 on your client computer, on the Remote Desktop warning dialog mentioned in the question. But you're trusting the network in this case. At least compare the fingerprints, so you can be sure you trust the right certificate.
Import Certificate on Client
On the client, i.e. the computer you're connecting from, and receive the warning popup, do:
%windir%\System32\mmc.exe
File -> Add/Remove Snap-in...
Certificates -> Add -> Computer account -> Local computer -> Finish
OK the Add or Remove Snap-ins dialog. The console should now contain Certificates (Local Computer).
Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates.
Action -> All Tasks -> Import...
<computername>.cer.
Place all certificates in the following store -> Trusted Root Certification Authorities.
Finish. You should no longer receive the warning.

Move Certificate on Client
If you already installed the certificate through the warning dialog, you can find the certificate in the current user's store. Skip the steps above and just move the certificate to the right place:
Certificates snap-in, this time for My user account.
Certificates - Current User -> Intermediate Certification Authorities -> Certificates first.
Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates. Note that the certificate stores stack, so you will still see the certificate in your user's store! You should no longer receive the warning.

I think you need to check the path of the certificate and have your computer trust the actual root and/or intermediates and not the certificate itself. You can also see under the path tab where the actual problem lies...
On the pictures the certificate you're installing doesn't seem to be invalid - the root of the problem is.. eh.. that was a stupid pun, sorry ^^
If you created the certificate yourself, then you must have the Certification Authority installed on your server. You need to obtain the root certificate from your certification authority, and install that into the Trusted Root Certification Authorities store - not the certificate that it issued to the RDP server.
I could not get the certificate to be accepted using anything suggested; however, you can adjust the certificate handling functionality in the RDP settings so that it is not required to start an RDP session.
This will stop the certificate authentication block occurring.
I just sorted this out on my own system, I hope it is the same issue referred to here. It appears that the certificate import wizard that remote desktop invokes does not store the certificate in the trusted root certification authorities store even though the wizard indicates that the import was successful.
This can be verified by invoking mmc from the console and adding the certification snap-in to view the contents of the trusted root certification authorities store.
The workaround is to save the certification (from the host) to a file, then on your client import the file using mmc to the trusted root certification authorities store on your client computer.
I think that this may be a bug introduced in win 7 sp1 (or a feature...)
When selecting the certificate store, check the 'Show physical stores' box and save the certificate to 'Trusted Root Certification Authorities > Local Computer'.
Right above the View Certificate button, you have a checkmark stating Do not ask me again for connections to this computer. Check it.
I've only had brief and painful experiences with certificates, but my suggestion would be to try the Personal store instead of Trusted Root Certification Authorities.
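
The client-side import from the first answer, combined with the fingerprint comparison it recommends, scripted as an added example (not part of any answer above). It uses the .NET X509Store classes from an elevated PowerShell prompt; the file path and the expected thumbprint are placeholders to replace with your own values.

```powershell
# Added example. Run from an elevated PowerShell prompt on the client.
# Both values are placeholders (assumptions), not values from this page.
$CerPath  = 'C:\Temp\computername.cer'              # the .cer exported on the server
$Expected = 'PASTE-THUMBPRINT-READ-ON-THE-SERVER'   # from the server's Details tab

$X509 = 'System.Security.Cryptography.X509Certificates'

function Get-CleanThumbprint([string]$Text) {
    # Keep hex digits only: the Details tab shows spaces, and copy/paste
    # from that dialog can carry invisible characters.
    return ($Text -replace '[^0-9A-Fa-f]', '').ToUpper()
}

function Test-InMachineRoot([string]$Thumbprint) {
    # Look only at the Local Computer store. The current user's view also
    # lists machine-store entries, so it cannot tell the two apart.
    $store = New-Object "$X509.X509Store" 'Root', 'LocalMachine'
    $store.Open('ReadOnly')
    try {
        $hits = $store.Certificates.Find('FindByThumbprint', $Thumbprint, $false)
        return ($hits.Count -gt 0)
    } finally {
        $store.Close()
    }
}

# Load the exported file and refuse to continue if it is not the certificate
# whose thumbprint was read on the server itself.
$cert   = New-Object "$X509.X509Certificate2" $CerPath
$actual = Get-CleanThumbprint $cert.Thumbprint
if ($actual -ne (Get-CleanThumbprint $Expected)) {
    throw "Thumbprint mismatch: file has $actual. Not importing."
}

# Add to Local Computer -> Trusted Root Certification Authorities.
# Open('ReadWrite') throws an access-denied error without elevation.
$root = New-Object "$X509.X509Store" 'Root', 'LocalMachine'
$root.Open('ReadWrite')
try {
    $root.Add($cert)
} finally {
    $root.Close()
}

"Subject:             " + $cert.Subject
"Expires:             " + $cert.NotAfter
"In LocalMachine\Root: " + (Test-InMachineRoot $actual)
```

With the placeholder thumbprint left in place the script stops at the mismatch check and imports nothing.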