2
I'm experiencing a certificate issue while connecting two Windows 7 machines together via Remote Desktop. I have installed the certificate, but I'm getting a message that says the cert is not trusted. What can I do about this?
Weijing Lin
Posted 2011-08-25T23:35:24.650
Reputation: 121
0
To be honest, if this is a low security environment and you are sure you know the target machine, just click ok/allow it.
If however it is a high security environment and you want certificates to work, make sure that you have imported the certificate in to the correct zone. Try importing again and allow the system to choose the location to import to.
William Hilsum
Posted 2011-08-25T23:35:24.650
Reputation: 111 572
4Better yet, if it's a high security environment get some proper certificate architecture or pay for a certificate. Good luck revoking a self-signed cert you've installed onto all of your clients' trusted root certificate stores... – ta.speot.is – 2011-08-27T12:23:52.753
0
Make sure that both computers have passwords, that remote assistance is on and that both machines are in the same local area network. I have tried this before and it works properly.
Cin Sb Sangpi
Posted 2011-08-25T23:35:24.650
Reputation: 129
0
I'm assuming you are using a self signed certificate and you are not part of a domain. If you are part of a domain, and your domain hosts a CA, then the self signed certificate won't do.
If you aren't in a domain, then your server's certificate has to be imported into the client's Trusted Root Certificate Authority.
surfasb
Posted 2011-08-25T23:35:24.650
Reputation: 21 453
0
Not really an issue so much as ssl doing what it's supposed to do.
All it means is your computer does not recognise the entity which signed the certificate the remote computer is presenting to identify itself with. By default, windows trusts signing authorities like GoDaddy and VeriSign so when you visit websites with certificates signed by these authorities, windows accepts that the remote computer is who it claims to be.
To "fix" the message, you can either tell your computer to trust the signing entity by adding the server certificate to the trusted root CA store on the client as described by @surfasb, or get (buy) and import a new signed server certificate from an already trusted CA.
If you don't get a root CA signed cert, you will to import the current cert on every new client you connect from. If this is for business use, just get a signed certificate for the server and save yourself the hassle.
Chris
Posted 2011-08-25T23:35:24.650
Reputation: 194
did not realise this was a 2 year old question! :O – Chris – 2013-11-18T12:12:32.457
0
Regardless of how old this post is, this question is still valid and remains "unresolved". I just today was able to fix this issue for my own system.
I have a PC named "phenom" that i connect to from a PC named "laptop". Upon connection, I get the warning message mentioned by the OP. After a fair bit of searching, I found the solution:
The certificate that gets installed is valid only against the name of the PC. I kept connecting to the "phenom" workstation based on its IP address which was causing the self-signed certificate to fail verification. Connecting based on the name eliminated the warning and allowed me to utilize the certificate in the correct manner.
Low Information Voter
Posted 2011-08-25T23:35:24.650
Reputation: 13
1Where did you get the certificate, what did you use for the CN value of the certificate? Is the CA that signed the certificate trusted by windows? Why do you need this? – Zoredache – 2011-08-26T00:09:23.373
@Zoredache Windows 7 generates one automatically with some random stuff in it if a DC wasn't available to issue you one. – vcsjones – 2011-08-26T00:27:49.690
@vcsjones, I know about the automatically generated certificates, but he mentioned he installed one. I was just wondering if he had purchased a certificate from a CA like godaddy.. It is very easy to do, though I can't imagine why someone would pay for one for RDP. – Zoredache – 2011-08-26T03:40:41.613