Solved

Remote Desktop - Get Certificate error when connecting with IP vs Machine Name

Posted on 2014-10-15
4
542 Views
Last Modified: 2014-10-15
i just installed an Enterprise Cert Authority on my Domain and have set up a certificate template for Remote Desktop. That template is now part of a global policy for remote desktop, and seems to be working fine (no certificate issues) when I remote into a server using it's machine name. However, I get a "Name Mismatch" certificate error when I try to connect using the same servers IP address.

Is there any way to resolve this? We have a ton of servers, and most admin/developer users connect remotely to them via IP address rather than machine name.

-Colman
0
Comment
Question by:ca_nimrod
  • 2
4 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 250 total points
ID: 40382697
the purpose of a certificate is to verify that the host name you are using is verified. When you connect with IP you are bypassing and just going straight to the server. Unfortunately, there is not a way around this except to use the name when connecting.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 250 total points
ID: 40382707
The explanation here is simple:
The way certificates work: They rely on matching the keypair as well as the CN or subject name or SAN Subject alternative names.

Since your certificate is probably issues in SERVERNAME as the CN then any requests that do not match SERVERNAME will show an error.

There is no way around this as Ip addresses are not accepted as Subject names for digital certificates:
http://tools.ietf.org/html/rfc6125#section-1.7.2

You can create a SAN and add the ip address if you want to, again this is not recommended.
0
 

Author Closing Comment

by:ca_nimrod
ID: 40382734
Thank you, I had suspected as much but having confirmation of my suspicions is what I needed. Thank you.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40382752
you're welcome
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Several part series to implement Internet Explorer 11 Enterprise Mode
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now