CA SSL Certificate giving error

sachin holikar 1 Reputation point
2021-07-02T12:06:44.283+00:00

Hello Experts,

We have recently installed a new Microsoft Windows Server 2019 Standard. We use the Remote Desktop application in order to gain access to this system.
RDP works just fine. We also got official SSL certificates for this system and followed the standard way to install the corresponding certificate (Hostname.cer) file. The standard procedure is as follows:

On the Remote Windows Server computer, click Start and type mmc.exe.
In the MMC window, go to File > Add/Remove Snap-in.
In the Add or Remove Snap-ins window, select Certificates and click Add.
In the Certificates snap-in window, select Computer account, click Next, select Local computer, and click Finish.
Click [+] next to Certificates > Personal > Certificates
Right click on Certificates and select All Tasks > Import
Click Next
Click Browse
Select the .cer, .crt, or .pfx you would like to import. Click Open.
Click Next
Select Automatically select the certificate store based on the type of certificate.
Click Finish & OK

I could see the new Certificates in the respective folders.
Now the problem is, whenever we do Remote Desktop to this system we get the popup window saying "Attach-1".
When I click on View Certificate, it shows the wrong validity (Attach-2), which is not what I see when I actually click on the official certificate file (.cer). So it indicates that somehow RDP is not able to locate the correct certificates which are installed on the remote host.
In fact the error which I see (Attach-3) in Certificate Path says "This CA Root Certificate is not trusted.. To enable host, install this certificate in the trusted root certification authorities Store" but this certificate is clearly not the one I ordered and got from my company.
So my question is: what is the problem here? Why can't the system or RDP see the installed certificates on the remote system?

Any pointers or help in this is highly appreciated.
Thanks in advance.

Regards,
Admin

Attachments: 111307-attach-1.jpg, 111337-attach-2.jpg, 111402-attach-3.jpg

Windows Server Security

2 answers

  1. arvind viswakarma 81 Reputation points
    2021-07-02T12:53:58.397+00:00

    As I understand, you have installed the required certificate but RDP is not using it and is going to some other (probably a default) one?
    Have you seen this blog:
    https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/remote-desktop-connection-rdp-certificate-warnings/ba-p/259301

    Go through Scenario 2 in it. It has a wmic command at the end to configure your choice of certificate for RDP.


  2. Vadims Podāns 9,121 Reputation points MVP
    2021-07-05T15:41:32.877+00:00

    The problem is that you didn't register the new certificate with the RDS service. You have to use WMI to register it:

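    # Locate the settings object of the RDP-tcp listener in the Terminal Services WMI namespace
    $path = (Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").__path
    # Bind the certificate to the listener by its SHA-1 thumbprint
    Set-WmiInstance -Path $path -argument @{SSLCertificateSHA1Hash="$Thumbprint"}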
    

    where $Thumbprint is the thumbprint of the certificate.
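
The following is an added example, not part of either answer: it carries the WMI registration above one step further by first checking that the imported certificate is one the RDP listener can actually use (private key present in the computer store, suitable EKU, chain trusted on the server), then binding it and reading the binding back. The host name `server01.example.com` and all variable names are assumptions made for illustration.

```powershell
# Added example (not from the thread). Run in an elevated Windows PowerShell session.
$HostName = 'server01.example.com'   # assumed placeholder: the name clients connect to

# EKU OIDs: Server Authentication, Remote Desktop Authentication
$RdpEkus = '1.3.6.1.5.5.7.3.1', '1.3.6.1.4.1.311.54.1.2'

# Currently valid certificates in the computer's Personal store that name this host
# (exact-name match only; a wildcard certificate would need a different comparison)
$now = Get-Date
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.DnsNameList.Unicode -contains $HostName -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now
}

# Report the properties that decide whether the listener can use each candidate
$report = foreach ($cert in $candidates) {
    $ekuHits = @($cert.EnhancedKeyUsageList.ObjectId | Where-Object { $RdpEkus -contains $_ })
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey   # False: the private key is not on this server
        RdpEku        = $ekuHits.Count -gt 0
        # Verify() builds the chain and checks revocation; it can also return False
        # when the CA's revocation list is unreachable from this server
        ChainTrusted  = $cert.Verify()
    }
}
$report | Format-Table -AutoSize

$usable = @($report | Where-Object { $_.HasPrivateKey -and $_.RdpEku -and $_.ChainTrusted })
if ($usable.Count -ne 1) {
    throw "Expected exactly one usable certificate for $HostName, found $($usable.Count)."
}

# Show the current binding, set the new one, then read it back
$wmi = @{ Class = 'Win32_TSGeneralSetting'; Namespace = 'root\cimv2\terminalservices'
          Filter = "TerminalName='RDP-tcp'" }
$listener = Get-WmiObject @wmi
Write-Host "Bound before: $($listener.SSLCertificateSHA1Hash)"
Set-WmiInstance -Path $listener.__PATH -Argument @{
    SSLCertificateSHA1Hash = $usable[0].Thumbprint
} | Out-Null

$after = (Get-WmiObject @wmi).SSLCertificateSHA1Hash
if ($after -ne $usable[0].Thumbprint) { throw "Binding not applied; listener reports $after." }
Write-Host "Bound after:  $after"
```

If the script stops at the "exactly one usable certificate" check, the `$report` table shows which property failed for each candidate before any change is made to the listener.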

