RDS ucc certificate show wrong SAN name.

Roque Catanese 1 Reputation point
2022-09-06T21:00:25.53+00:00

I have UCC certificate for all services and work correctly except for vdi (RDS Windows 2019).
When connect to the url wotk correctly but when open the RDP show a warning about the name of the certificate.
the url is vdi.groupa.bz
and if you test the certificate is valid and is installed correctly.
https://www.whynopadlock.com/results/6e89ad87-940e-40d7-ba03-6239e57e0250

And when connect to the RDP show the name "cloud.groupa.bz" that is the first in the list of alternate names or protected domains.
The RDP connected after accept but I need that238325-vdi-cert-cloudgroupabz.png

I wait your comments and help to fix this.

Best regards,
Roque.

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,300 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Rafael da Rocha 5,091 Reputation points
    2022-09-06T21:43:17.333+00:00

    The problem isn't about the name, the error states that it couldn't check for revocation information. Maybe your CA had a problem with the CDP or the CRL expired.
    Other option is some appliance doing SSL inspection, which could remove some information from the certificate, including the CDP information needed to do the revocation check.


  2. Roque Catanese 1 Reputation point
    2022-09-07T13:31:20.83+00:00

    Sorry but the error is the following:

    238609-image.png

    This is the error that show when connect from inside and outside.

    0 comments No comments

  3. Roque Catanese 1 Reputation point
    2022-09-07T13:37:16.66+00:00

    This is other example that happen with other VDI service.

    238681-image.png


  4. Roque Catanese 1 Reputation point
    2022-09-10T15:18:07.787+00:00

    The certificate have the alternate name broker.groupd.bz in the list.

    When open the url vdi.groupd.bz always appear fine in web browser but each time that open the RDP show the warning about the revocation or the error about the name.

    The name is correct because thje certificate is an UCC and have all names.
    And if I test the url for the revocartion list, from the client connect correctly and it download the file ""http://crl.godaddy.com/gdig2s1-4373.crl
    .

    239710-image.png

    0 comments No comments