i'm using Remote Desktop on Windows 7 RC1, connecting to a Windows 2008 server.
Everytime i start a connection, i get the following popup window :-
The certificate problem makes sense -> it was created from my own server, which is not an offical certificate authority. Sure. So I need to tell my machine that any certificate that comes from my server, can u please accept.
So i View the certificate and install it. I let it determine the best place to install it.
eg
Unfortunately, every time i connect, i still get that popup question.
So i tried to manually tell where to install it. I said to install it at
eg.
but still i get the warning question.
So .. does anyone have any suggestions?
Best Answer
The certificate needs to be added to your Local Computer's "Trusted Root Certification Authorities" store. Adding it to the user's "Trusted Root Certification Authorities" store is not enough! If this sounds confusing don't worry - it is.
If you think you already installed the certificate, skip to "Move Certificate on Client."
Export Certificate on Server
First the certificate needs to be exported to a file. On the server, i.e. the computer you'd like to connect to:
%windir%\System32\mmc.exe
File
->Add/Remove Snap-in...
Certificates
->Add >
->Computer account
->Local computer
->Finish
OK
theAdd or Remove Snap-ins
dialog. The console should now containCertificates (Local Computer)
.Certificates (Local Computer)
->Remote Desktop
->Certificates
. There should be a single certificate with your computer's name.Details
tab.Copy to File...
DER encoded binary X.509 (.CER)
.<computername>.cer
.Another way to get the certificate is to follow steps 6 to 10 on your client computer, on the Remote Desktop warning dialog mentioned in the question. But you're trusting the network in this case. At least compare the fingerprints, so you can be sure you trust the right certificate.
Import Certificate on Client
On the client, i.e. the computer you're connecting from, an receive the warning popup, do:
%windir%\System32\mmc.exe
File
->Add/Remove Snap-in...
Certificates
->Add
->Computer account
->Local computer
->Finish
OK
theAdd or Remove Snap-ins
dialog. The console should now containCertificates (Local Computer)
.Certificates (Local Computer)
->Trusted Root Certification Authorities
->Certificates
.Action
->All Tasks
->Import...
.<computername>.cer
.Place all certificates in the following store
->Trusted Root Certification Authorities
.Finish
. You should no longer receive the warning.Move Certificate on Client
If you already installed the certificate through the warning dialog, you can find the certificate in the current user's store. Skip the steps above and just move the certificate to the right place:
Certificates
snap-in, this time forMy user account
.Certificates - Current User
->Intermediate Certification Authorities
->Certificates
first.Certificates (Local Computer)
->Trusted Root Certification Authorities
->Certificates
. Note that the certificate stores stack, so you will still see the certificate in you user's store! You should no longer receive the warning.