Online Help > Knowledge Base > Security

Certificate validation

Description

 

Remote Desktop Manager can validate certificates against the certificate store. However, ensure to only validate certificates from a trusted certification authority.

 

This topic covers:

Verify the Certification Authority (CA)

Remember a certificate

Certificate options

Troubleshooting steps for certificate errors

 

Verify the Certification Authority (CA)

1.Open the certificate, then verify by which Certification Authority the certificate has been issued by, in the General tab.

 

 

2.Verify that the Certification Authority is properly installed in the certificate store.

 

 

 

Remember a certificate

It is possible for Remote Desktop Manager to remember a certificate when prompted to verify it.

 

 

For the current session only: click Continue.

Until the cache is cleared: click Continue and Remember.

 

Always make sure that the certificate is valid before clicking on any of those choices. Verify the certificate by clicking View Certificate.

 

 

Certificate options

 

Navigate to File – Options – Security – Certificate security to manage options related to certificates.

 

 

Ignore application certificate errors

Enable this option to disable the application certificate validation. This is not recommended, as it would compromise confidentiality and integrity of communications between the client and the server, and could expose the application to potential threats.

 

Reset Known Certificates

Use this option to clear the cached certificates. All certificates would need to be validated again.

 

Troubleshooting

 

To find out more about why the certificate validation failed, you can use some tools, but you need to export the certificate first.

 

To export the certificate, follow these steps:

 

1.Click View certificate in the Remote Desktop Manager prompt.

2.Click on the Details tab of the Windows certificate prompt.

3.Click Copy to File... and proceed to export the certificate as a .cer file.

 

Certificate Window

Certificate Window

 

Tools

 

Here are some tools that can be used to verify the newly exported certificate:

 

1.Using PowerShell (requires PowerShell v4):

 

 1.1 In a PowerShell console, replace the path below with the path of your certificate, then run:

 

$cert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\Users\mmorrissette\Desktop\cert.cer")

 

 1.2 Then, run the following command:

 

Test-Certificate -Cert $cert

 

 

2. Using CMD:

 

Run the following command (replace the path below with the path of your certificate):

 

certutil -verify "C:\Users\mmorrissette\Desktop\cert.cer"

 

 

The resulting output from those tools can be used to obtain more information about the encountered issue.

 

 

Common Issues

 

Root and Intermediate certificate authority are not properly installed in the Windows certificate store.

 

Ensure that the proxy server blocks do not block the CRL (Certificate Revocation List) server as it is required to validate a certificate.

 

Certificate - CRL server

Certificate - CRL server