How can I force Windows Server 2008 R2 to use a specific intermediate certificate over TLS for RDP?

1

We're going through the process of switching our SHA-1-signed certificates to SHA-256 ones primarily due to Google's gradual sunsetting of SHA-1. Many of these servers are Windows-based IIS servers, so we're also configuring them to use the new certificates for TLS connections for RDP, as well.

This process also includes swapping out the intermediate certificates, since the servers are currently using them (SHA-1) and they'll need to use the new ones (SHA-256).

The problem is that I can't figure out how to get the servers to stop using the SHA-1 intermediate. With RDP over TLS, they keep sending it instead of the new SHA-256 intermediate certificate, which throws off the official Mac RDP Client:

[Screenshot: RDP Certificate Error]

The error message (untrusted root certificate) is provably incorrect, though.

[Screenshot: Root is trusted]

The key point, though, is that this only happens when the SHA-1 intermediate is sent. Using OpenSSL, I can see that the SHA-1 intermediate is being sent.

When it sends the SHA-256 intermediate, the error message doesn't happen. How can I configure my Windows servers to send it and never send the SHA-1 one? Or am I misunderstanding something and way off the mark?

Things I've tried:

  • Using the "Edit Properties" button on the SHA-1 intermediate certificate to disable it for all uses.
  • Removing the SHA-1 intermediate certificate from all certificate stores.
  • Restarting the Remote Desktop service after these things.
  • Rebooting after these things.

Notes:

  • Windows clients are unaffected. They connect just fine and indicate the connection is secure.
  • We're using StartCom certificates. All affected servers were previously set up with SHA-1 certificates and the StartCom SHA-1 intermediate, but now have the SHA-256 ones installed.
  • New Windows servers set up with just the SHA-256 ones installed work just fine.

Moduspwnens

Posted 2015-05-07T18:21:50.287

Reputation: 113

Could you try manually blacklisting that SHA-1 cert on the IIS by moving it to the machine's "untrusted" cert store? – StackzOfZtuff – 2015-05-07T20:45:06.900

Excellent call. Doing that and restarting Remote Desktop Services fixed it. If you'll post this as an answer, I'll accept it. – Moduspwnens – 2015-05-08T15:17:19.757

Answers

0

Converted comment into answer:

Could you try manually blacklisting that SHA-1 cert on the IIS by moving it to the machine's "untrusted" cert store?

As an afterthought: I was curious if this would work. And now it turns out that it does. (But it seems a bit quick and dirty. Oh well.)

StackzOfZtuff

Posted 2015-05-07T18:21:50.287

Reputation: 1,185
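As an added example (this is not code from the question or the accepted answer), the PowerShell script below applies the fix the answer describes on the server itself: it finds the stale SHA-1-signed intermediate in the machine's Intermediate Certification Authorities store, moves it into the Untrusted Certificates store, and restarts Remote Desktop Services. It uses the .NET X509Store classes rather than the Cert: drive's Move-Item because Windows Server 2008 R2 ships PowerShell 2.0. Assumptions: the script name `Move-StaleIntermediate.ps1`, the `StartCom` subject filter used to pick out the vendor's intermediates, the `-DryRun` switch, and the check that a replacement intermediate with the same Subject but a non-SHA-1 signature is already installed; `CA` and `Disallowed` are the store names behind "Intermediate Certification Authorities" and "Untrusted Certificates". Run it elevated.

```powershell
# Move-StaleIntermediate.ps1 (added example, not the poster's or answerer's code)
# Moves SHA-1-signed vendor intermediates from LocalMachine\CA to LocalMachine\Disallowed
# and restarts Remote Desktop Services, as in the accepted answer.
param(
    [string]$SubjectMatch = 'StartCom',   # assumption: substring identifying the vendor's intermediates
    [switch]$DryRun                       # list candidates without touching any store
)

$ns = 'System.Security.Cryptography.X509Certificates'
$caStore  = New-Object -TypeName "$ns.X509Store" -ArgumentList 'CA', 'LocalMachine'          # Intermediate CAs
$badStore = New-Object -TypeName "$ns.X509Store" -ArgumentList 'Disallowed', 'LocalMachine'  # Untrusted Certificates
$caStore.Open('ReadWrite')
$badStore.Open('ReadWrite')

try {
    # A SHA-1 signature on a non-self-signed certificate in the CA store marks the old intermediate.
    $stale = @($caStore.Certificates | Where-Object {
        $_.Subject -match $SubjectMatch -and
        $_.Subject -ne $_.Issuer -and
        $_.SignatureAlgorithm.FriendlyName -eq 'sha1RSA'
    })

    if ($stale.Count -eq 0) {
        Write-Host "No SHA-1 '$SubjectMatch' intermediate found in LocalMachine\CA; nothing to do."
        return
    }

    foreach ($cert in $stale) {
        Write-Host ("{0}  {1}  (signed with {2}, expires {3})" -f $cert.Thumbprint, $cert.Subject,
            $cert.SignatureAlgorithm.FriendlyName, $cert.NotAfter)

        # Assumption: the SHA-256 replacement carries the same Subject. Warn if it is missing,
        # because without it the server cannot build a chain for the new end-entity certificate.
        $replacement = @($caStore.Certificates | Where-Object {
            $_.Subject -eq $cert.Subject -and $_.SignatureAlgorithm.FriendlyName -ne 'sha1RSA'
        })
        if ($replacement.Count -eq 0) {
            Write-Warning "No non-SHA-1 intermediate with subject '$($cert.Subject)' is installed."
        }

        if (-not $DryRun) {
            # Add to Untrusted first, then remove from CA: if Add fails, nothing has been lost.
            $badStore.Add($cert)
            $caStore.Remove($cert)
            Write-Host "Moved $($cert.Thumbprint) to LocalMachine\Disallowed."
        }
    }
}
finally {
    $caStore.Close()
    $badStore.Close()
}

if (-not $DryRun) {
    # The poster needed a restart of Remote Desktop Services after the move.
    # -Force also restarts dependent services; this drops active RDP sessions, so schedule it.
    Restart-Service -Name TermService -Force
}
```

Run `.\Move-StaleIntermediate.ps1 -DryRun` first to see which certificates would be moved, then without the switch. Moving the certificate into Untrusted rather than only deleting it is the point of the accepted answer: the poster had already tried deleting it from every store without effect. Note that anything else on the server that still chains through the old SHA-1 intermediate will stop validating once it sits in the Untrusted store.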