This computer can't verify the identity of the RD Gateway "remote.domain.com". It's not safe to connect to servers that can't be identified. Contact your network admin

Hi guys,

I am not much of an expert at certificates and need to resolve this issue soon.

I took over one client, who has an RDS server, to help with IT work. Basically, a couple of users work from home and use some RDS apps that are installed on this server, namely QuickBooks and Outlook 2013. It is Server 2012 R2. There are only two users who sometimes work from home.

I noticed that the last SSL certificate was issued by GoDaddy and recently expired; therefore, when I was trying to log in to the "remote app", the error I was getting pointed to the expired SSL certificate, and hence the app won't open.

The steps that users follow to run RDS apps on their local machine are as follows:

- Visit: https://remote.domain.com/rdweb
- It shows a cert error that the site is not secure:
  "Your PC doesn't trust this website's security certificate.
  The hostname in the website's security certificate differs from the website you are trying to visit."
  Error Code: DLG_FLAGS_INVALID_CA
  DLG_FLAGS_SEC_CERT_CN_INVALID
- We continue regardless
- Log in as the user: domain\username
- We see the remote apps and desktop
- Click on the QuickBooks app to run it locally on the computer
- Click Open and then Allow
- It asks for a username and password in a window; enter the domain\user and password
- A box pops up with an error message.

In order to avoid this message and have users still work, I created a self-signed certificate using the following steps:

- Opened RD Gateway manager on the RDS server
- Right click properties
- SSL Certificate tab
- Clicked on "create a self-signed certificate"
- Created a new self-signed certificate and then copied it to "Trusted Root certificates"

It is now showing that the following cert is installed on "RDS server":

Issued to:  Myselfsignedcert-RDSServer.domain.local
Issued by: Myselfsignedcert-RDSServer.domain.local
Expiration: 2018-05-06

However, after making these changes I am still not able to run the RDS apps from remote client computers (Windows 10 Home computer), and the error comes up as:

This computer can't verify the identity of the RD Gateway "remote.domain.com". It's not safe to connect to servers that can't be identified. Contact your network admin


Does this mean that I need to buy the certificate from a company like GoDaddy, and only then it will work?
If yes for sure, what kind of cert do I need to buy, and what are the steps involved?

Can a self-signed certificate work somehow?
(Sorry, my knowledge in this area is very limited.)

Thank you in advance.
Asked by: Nick Perks, IT Director

Hemil Aquino, Network Engineer, commented:
Hi, if the certificate expired, then you need to re-issue the certificate. In a few words: buy it and re-issue it.
You need to buy it through GoDaddy or namecheap.com. Namecheap has cheap certificates for three years.
0
Shaun Vermaak, Technical Specialist, commented:
The only way to use self-signed certificates is to add them to each computer's certificate store.
I would just renew the certificate.
0
Hemil Aquino, Network Engineer, commented:
In order for you to avoid headaches, just buy it and reissue it again.

Plus, you wouldn't like people sniffing your traffic and stealing your login credentials, right?

You don't have to install it manually. All you have to do is remove the option of the certificate and accept the option that says your connection might not be encrypted.
0
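
Why the self-signed certificate from the question is still rejected, as an added example (not code from the thread): a small checker that applies the client-side tests of name match, expiry and trusted issuer to the certificate fields quoted in the question. The dates, the "Example Public CA" issuer and the client root stores are constructed, and trust is simplified to a lookup of the issuer name.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Cert:
    issued_to: str                                # subject common name
    issued_by: str                                # issuer common name
    not_after: date                               # expiration date
    san_dns: list = field(default_factory=list)   # DNS names in Subject Alternative Name

def name_matches(pattern, host):
    """Compare one certificate name with the host; '*' covers only the left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(cert, host, today, trusted_roots):
    """List the reasons a client connecting to `host` would reject `cert`.
    Simplification: trust is modelled as 'issuer name is in the client's root store';
    a real client builds the chain and verifies signatures."""
    problems = []
    names = cert.san_dns or [cert.issued_to]      # fall back to the CN when there is no SAN
    if not any(name_matches(n, host) for n in names):
        problems.append("name-mismatch")          # cf. DLG_FLAGS_SEC_CERT_CN_INVALID
    if today > cert.not_after:
        problems.append("expired")
    if cert.issued_by not in trusted_roots:       # cf. DLG_FLAGS_INVALID_CA
        self_signed = cert.issued_by == cert.issued_to
        problems.append("self-signed-untrusted" if self_signed else "untrusted-issuer")
    return problems

GATEWAY = "remote.domain.com"                     # address the clients connect to (from the question)
TODAY = date(2017, 11, 10)                        # constructed date, before the 2018-05-06 expiry
SELF_SIGNED = Cert("Myselfsignedcert-RDSServer.domain.local",
                   "Myselfsignedcert-RDSServer.domain.local", date(2018, 5, 6))
# Constructed replacement certificate; "Example Public CA" is a placeholder issuer name.
RENEWED = Cert(GATEWAY, "Example Public CA", date(2019, 11, 10), [GATEWAY])

if __name__ == "__main__":
    home_pc = {"Example Public CA"}               # constructed root store of a remote client
    print(diagnose(SELF_SIGNED, GATEWAY, TODAY, home_pc))
    print(diagnose(SELF_SIGNED, GATEWAY, TODAY, home_pc | {SELF_SIGNED.issued_by}))
    print(diagnose(RENEWED, GATEWAY, TODAY, home_pc))
```

The second call models importing the self-signed certificate into the client's Trusted Root store: the trust problem goes away, but the name mismatch with remote.domain.com remains.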
