musickmann

asked on

RDC Web access with SMB Server 2011 Certificate errors trusted root store

So, I've taken over this SMB 2011 server and it appears to have an expired certificate. I thought I had that taken care of, but it looks like I'm missing something.

When the users go to remote.OURDOMAIN.com they get a certificate error, then can click through to the page. That page shows them a list of computers they can connect to, and now they are unable to connect to them. When you click a computer to connect, the first screen that comes up is a RemoteApp warning, unknown publisher. Then they enter their credentials and are told
This computer can't verify the identity of the RD gateway "remote.OURDOMAIN.com". It's not safe to connect to servers that can't be identified.

The certificate you can view has the error:
This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

I've been trying to put it in the root store, and I thought I did that, but it's still not working. Kinda stuck on what to try next.
ASKER CERTIFIED SOLUTION
N-W

musickmann

ASKER

Sorry for the delay here, had some things come up that took priority.

The checker tool returns all green checks, so that is a good thing I suppose.

This is actually a self-signed certificate. Since I'm not too familiar with all this SSL stuff, I'm guessing that is the root of the issue?

I prepared some instructions for the client on how to download and add the certificate to their local machines as a trusted host certificate. Is that the only option with a self-signed certificate?

I can't seem to get the certificate to install on the server as a trusted root, so I'm not sure if I'm missing something, or if it just isn't possible.

I highly recommend purchasing a trusted third-party certificate. They're fairly cheap (GoDaddy for example) and very much outweigh the administrative overhead associated with running a self-signed certificate.

With a trusted third-party certificate, you don't need to add the certificate to all of the users' machines. As long as they have an internet connection to check the Certificate Revocation List (CRL) occasionally, no certificate errors will be presented to the user.

Thanks for the suggestion. I will definitely look into a 3rd party cert for this client.

I'm now also having some problems with accessing shared folders from the web access. No certificate errors, but I suppose it could be related.

The oddity is that it seems they had none of these problems before the cert expired, and it was always self-signed.

Excellent tool for identifying errors, saved me a ton of time. Thanks!
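
An added example, not part of the original thread: a PowerShell check that can be run on the server or a client to see why an exported gateway certificate is rejected, covering the conditions raised above (expiry, self-signed, presence in the Trusted Root Certification Authorities store). The file path is a placeholder and the certificate is assumed to have been exported as a .cer file.

```powershell
# Added example: report why an exported certificate is or is not trusted here.
# $CerPath is a placeholder (assumption); point it at the exported .cer file.
param([string]$CerPath = 'C:\Temp\remote-gateway.cer')

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
$now  = Get-Date

# Subject equal to issuer means the certificate is self-signed.
$selfSigned = ($cert.Subject -eq $cert.Issuer)

# A certificate outside its validity window fails even when it is trusted.
$expired = ($now -gt $cert.NotAfter) -or ($now -lt $cert.NotBefore)

# Look for the same thumbprint in the machine-wide and per-user root stores.
# Services running under other accounts only see the LocalMachine store.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$foundIn = @(foreach ($s in $stores) {
    $hit = Get-ChildItem -Path $s | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    if ($hit) { $s }
})

# Build the chain locally; NoCheck skips CRL lookups so this runs offline.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$chainOk = $chain.Build($cert)

New-Object PSObject -Property @{
    Subject     = $cert.Subject
    Thumbprint  = $cert.Thumbprint
    NotAfter    = $cert.NotAfter
    Expired     = $expired
    SelfSigned  = $selfSigned
    InRootStore = ($foundIn -join ', ')
    ChainValid  = $chainOk
} | Format-List

# Each entry explains one reason the chain failed (for example UntrustedRoot
# or NotTimeValid); no entries are listed when the chain built cleanly.
foreach ($status in $chain.ChainStatus) {
    '{0}: {1}' -f $status.Status, $status.StatusInformation.Trim()
}
```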