Users in a workgroup connect to a remoteapp published on a Windows 2008 R2 terminal server. User’s workstations belong to a workgroup, not the Windows 2003 active directory (AD) to which the Windows 2008 terminal server belongs. Every 6 months the W2008 server certificate expires. When it expires the users are required to accept the new certificate. (See image of certificate). I realize that the root certificate for the W2008's certificate is not installed on the workstations. My goal is to stop requiring the users to have to accept a new certificate every 6 months. I see only two options.
1. Join the workstations to the AD.
2. Configure a domain certificate authority and then add its root certificate to the workgroup workstations.
Are there other options available for auto accepting the certificate or maybe extending the servers expiration date? Can I retrieve the AD's root certificate without installing a CA server?
Certificate image here