Certificate not trusted over Win7 to Win7 Remote Desktop connection











I'm experiencing a certificate issue while connecting two Windows 7 machines together via Remote Desktop. I have installed the certificate, but I'm getting a message that says the cert is not trusted. What can I do about this?










migrated from serverfault.com Aug 25 '11 at 23:41


This question came from our site for system and network administrators.











  • Where did you get the certificate, what did you use for the CN value of the certificate? Is the CA that signed the certificate trusted by Windows? Why do you need this?
    – Zoredache
    Aug 26 '11 at 0:09










  • @Zoredache Windows 7 generates one automatically with some random stuff in it if a DC wasn't available to issue you one.
    – vcsjones
    Aug 26 '11 at 0:27










  • @vcsjones, I know about the automatically generated certificates, but he mentioned he installed one. I was just wondering if he had purchased a certificate from a CA like GoDaddy. It is very easy to do, though I can't imagine why someone would pay for one for RDP.
    – Zoredache
    Aug 26 '11 at 3:40















windows remote-desktop certificate






edited Sep 2 '11 at 5:14 by Pops

asked Aug 25 '11 at 23:35 by Weijing Lin




5 Answers

To be honest, if this is a low security environment and you are sure you know the target machine, just click ok/allow it.

If however it is a high security environment and you want certificates to work, make sure that you have imported the certificate into the correct zone. Try importing again and allow the system to choose the location to import to.







answered Aug 26 '11 at 1:00 by William Hilsum








  • Better yet, if it's a high security environment get some proper certificate architecture or pay for a certificate. Good luck revoking a self-signed cert you've installed onto all of your clients' trusted root certificate stores...
    – ta.speot.is
    Aug 27 '11 at 12:23














I'm assuming you are using a self-signed certificate and you are not part of a domain. If you are part of a domain, and your domain hosts a CA, then the self-signed certificate won't do.

If you aren't in a domain, then your server's certificate has to be imported into the client's Trusted Root Certificate Authority.







answered Aug 27 '11 at 10:40 by surfasb






















Make sure that both computers have passwords, that remote assistance is on and that both machines are in the same local area network. I have tried this before and it works properly.







edited Sep 2 '11 at 5:14 by Pops

answered Aug 26 '11 at 6:14 by Cin Sb Sangpi






















Not really an issue so much as SSL doing what it's supposed to do.

All it means is your computer does not recognise the entity which signed the certificate the remote computer is presenting to identify itself with. By default, Windows trusts signing authorities like GoDaddy and VeriSign so when you visit websites with certificates signed by these authorities, Windows accepts that the remote computer is who it claims to be.

To "fix" the message, you can either tell your computer to trust the signing entity by adding the server certificate to the trusted root CA store on the client as described by @surfasb, or get (buy) and import a new signed server certificate from an already trusted CA.

If you don't get a root CA signed cert, you will have to import the current cert on every new client you connect from. If this is for business use, just get a signed certificate for the server and save yourself the hassle.







answered Nov 18 '13 at 12:10 by Chris












  • did not realise this was a 2 year old question! :O
    – Chris
    Nov 18 '13 at 12:12


















Regardless of how old this post is, this question is still valid and remains "unresolved". I just today was able to fix this issue for my own system.

I have a PC named "phenom" that I connect to from a PC named "laptop". Upon connection, I get the warning message mentioned by the OP. After a fair bit of searching, I found the solution:

The certificate that gets installed is valid only against the name of the PC. I kept connecting to the "phenom" workstation based on its IP address which was causing the self-signed certificate to fail verification. Connecting based on the name eliminated the warning and allowed me to utilize the certificate in the correct manner.







answered Mar 14 '15 at 1:45 by Low Information Voter
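
The two causes described in the answers above (a signer the client does not trust, and connecting by IP address when the certificate names the PC) can be told apart with a short check run on the client. This is an added example, not part of the original answers; the function name `Test-RdpCertificate`, the file path and the IP address are hypothetical, and it assumes the server's Remote Desktop certificate has already been exported to a .cer file.

```powershell
# Added example (not from the original answers). Run on the CLIENT against a
# .cer file exported from the server. Test-RdpCertificate is a hypothetical name.
function Test-RdpCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,        # exported server certificate (.cer)
        [Parameter(Mandatory = $true)][string]$TargetName   # exactly what is typed into the RDP client
    )

    $x509 = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$x509.X509Certificate2" $Path

    # --- Check 1: does the certificate cover the name used to connect? ---
    # Collect the subject CN plus any DNS names in the Subject Alternative Name extension.
    $names = @()
    $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($cn) { $names += $cn }

    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | Select-Object -First 1
    if ($san) {
        # Assumption: English-language Windows, where Format() labels entries "DNS Name=".
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }

    $ip = $null
    $isIp = [System.Net.IPAddress]::TryParse($TargetName, [ref]$ip)
    $nameMatches = @($names | Where-Object { $_ -ieq $TargetName }).Count -gt 0

    # --- Check 2: does this client trust whoever signed the certificate? ---
    $chain = New-Object "$x509.X509Chain"
    # A self-signed certificate publishes no CRL; skip revocation so only trust is tested.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # --- Turn the two results into a plain-language finding ---
    $advice = @()
    if ($isIp -and -not $nameMatches) {
        $advice += "Target is an IP address; connect by name instead ($($names -join ', '))."
    }
    elseif (-not $nameMatches) {
        $advice += "Name mismatch; certificate covers: $($names -join ', ')."
    }
    if (-not $trusted) {
        $advice += "Signer not trusted on this client: $($status -join ', ')."
    }
    if ($advice.Count -eq 0) { $advice += 'Name and trust checks both pass.' }

    New-Object PSObject -Property @{
        Subject      = $cert.Subject
        Thumbprint   = $cert.Thumbprint
        SelfSigned   = ($cert.Subject -eq $cert.Issuer)
        NotAfter     = $cert.NotAfter
        CertNames    = $names
        NameMatches  = $nameMatches
        ChainTrusted = $trusted
        ChainStatus  = $status
        Advice       = $advice
    }
}

# Example calls (constructed path and IP; "phenom" is the PC name used in the answer above):
# Test-RdpCertificate -Path 'C:\Temp\phenom-rdp.cer' -TargetName '192.168.1.20' | Format-List
# Test-RdpCertificate -Path 'C:\Temp\phenom-rdp.cer' -TargetName 'phenom'       | Format-List
```

Compare the reported `Thumbprint` with the one shown on the server itself before trusting the file, since the import step only helps if the .cer really came from that machine.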





























