RDC Web access with SMB Server 2011 Certificate errors trusted root store

So, I've taken over this SMB 2011 server and it appears to have an expired certificate. I thought I had that taken care of, but it looks like I'm missing something.

When the users go to remote.OURDOMAIN.com they get a certificate error, then can click through to the page. That page shows them a list of computers they can connect to, and now they are unable to connect to them. When you click a computer to connect, the first screen that comes up is a RemoteApp warning, unknown publisher. Then they enter their credentials and are told:
This computer can't verify the identity of the RD gateway "remote.OURDOMAIN.com". It's not safe to connect to servers that can't be identified.

The certificate you can view has the error:
This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

I've been trying to put it in the root store, and I thought I did that, but it's still not working. Kinda stuck on what to try next.
Asked by: musickmann (Data Analyst)
N-W commented:
Start by checking if your SSL certificate is installed correctly by using a tool like: http://www.digicert.com/help/
musickmann (Data Analyst, Author) commented:
Sorry for the delay here, had some things come up that took priority.

The checker tool returns all green checks, so that is a good thing I suppose.

This is actually a self-signed certificate. Since I'm not too familiar with all this SSL stuff, I'm guessing that is the root of the issue?

I prepared some instructions for the client on how to download and add the certificate to their local machines as a trusted host certificate. Is that the only option with a self-signed certificate?

I can't seem to get the certificate to install on the server as a trusted root, so I'm not sure if I'm missing something, or if it just isn't possible.
I highly recommend purchasing a trusted third-party certificate; they're fairly cheap (GoDaddy, for example) and very much outweigh the administrative overhead associated with running a self-signed certificate.

With a trusted third-party certificate, you don't need to add the certificate to all of the users' machines. As long as they have an internet connection to check the Certificate Revocation List (CRL) occasionally, no certificate errors will be presented to the user.
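An added example, not part of the thread or from any participant: a PowerShell check that reports separately whether a certificate is expired, self-issued, present in the machine's Trusted Root store, and what the chain builder says about it, since expiry and root trust are evaluated independently. The function name `Test-GatewayCertificate` and the subject `CN=remote.example.test` are assumptions; the sample certificate is constructed in memory and no store is modified.

```powershell
# Added example. Needs PowerShell 7+ or Windows PowerShell 5.1 on .NET Framework 4.7.2+
# (for CertificateRequest). Read-only: nothing is written to any certificate store.
function Test-GatewayCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )

    # Is this exact certificate (by thumbprint) in LocalMachine\Root?
    $root = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $root.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        $found  = $root.Certificates.Find(
            [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint,
            $Certificate.Thumbprint, $false)
        $inRoot = $found.Count -gt 0
    } finally {
        $root.Close()
    }

    # Build the chain without fetching CRL/OCSP so the check runs offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Certificate)
    $flags   = @($chain.ChainStatus | ForEach-Object { $_.Status })

    [pscustomobject]@{
        Subject       = $Certificate.Subject
        NotAfter      = $Certificate.NotAfter
        Expired       = (Get-Date) -gt $Certificate.NotAfter
        SelfIssued    = $Certificate.Subject -eq $Certificate.Issuer  # subject equals issuer
        InTrustedRoot = $inRoot
        ChainValid    = $chainOk
        ChainStatus   = $flags -join ', '
    }
}

# Constructed sample: an already-expired self-signed certificate, held in memory only.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=remote.example.test', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$sample = $req.CreateSelfSigned([DateTimeOffset]::Now.AddYears(-2), [DateTimeOffset]::Now.AddDays(-1))

Test-GatewayCertificate -Certificate $sample | Format-List
```

To run it against a server's installed certificate, pass an item from `Get-ChildItem Cert:\LocalMachine\My` instead of the constructed sample.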
musickmann (Data Analyst, Author) commented:
Thanks for the suggestion. I will definitely look into a 3rd party cert for this client.

I'm now also having some problems with accessing shared folders from the web access. No certificate errors, but I suppose it could be related.

The oddity is that it seems they had none of these problems before the cert expired, and it was always self-signed.
musickmann (Data Analyst, Author) commented:
Excellent tool for identifying errors, saved me a ton of time. Thanks!
Question has a verified solution.