With Microsoft RDP client, how do I mark a particular server certificate as trusted?

Solution 1:

I looked into this a bit, and in my case the issue was on the RDP Server side. The certificate it was using was actually a self-signed, automatically generated one that was not signed by my local CA's root certificate. It thus didn't matter where I put the root cert; I always got the pop-up saying "The Certificate is not trusted..."

I installed the root cert from my local CA in the System keychain and set it to Always Trust, then on the Windows Server side, using Administrative Tools -> Remote Desktop Services -> Remote Desktop Session Host Configuration, I updated the certificate assigned to the RDP-Tcp connection. Right-click RDP-Tcp Connection, choose Properties. On the General tab, see at the bottom there's a link labelled "Auto-generated".

(see an image of the pane here: http://www.windowsecurity.com/img/upl/image0021281709633474.jpg)

That's the self-signed certificate. Clicking Select lets you choose any other certificate already on the machine. Once that change was made, the prompt was gone from the client side on the next login.

Hope this helps (though it really only helps if you have admin access on the Windows side...)
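
A scripted form of the check described in the answer above, as an added example that is not part of the original answer: it reads the certificate bound to the RDP-Tcp listener and reports whether it is self-signed (Subject equals Issuer). It assumes an elevated PowerShell session on the RDP server and the `Win32_TSGeneralSetting` WMI class; `<THUMBPRINT>` is a placeholder to replace with a value from the candidate list.

```powershell
# Added example: inspect the certificate the RDP-Tcp listener presents.
# Run in an elevated PowerShell session on the RDP server.

$query = @{
    Namespace = 'root\cimv2\TerminalServices'
    ClassName = 'Win32_TSGeneralSetting'
    Filter    = "TerminalName='RDP-Tcp'"
}
$listener = Get-CimInstance @query
$thumb    = $listener.SSLCertificateSHA1Hash

# The auto-generated certificate normally sits in the 'Remote Desktop' store,
# CA-issued certificates in 'My' (Personal); search both for the bound thumbprint.
$stores = 'Cert:\LocalMachine\Remote Desktop', 'Cert:\LocalMachine\My'
$cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $thumb } |
    Select-Object -First 1

if ($cert) {
    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        SelfSigned = ($cert.Subject -eq $cert.Issuer)   # true for the auto-generated cert
    } | Format-List
} else {
    Write-Warning "Certificate $thumb is bound to RDP-Tcp but was not found in the searched stores."
}

# Candidate replacements: unexpired, CA-issued certificates in the Personal store
# that have a private key and the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
Get-ChildItem -Path 'Cert:\LocalMachine\My' |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        $_.Subject -ne $_.Issuer -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1'
    } |
    Select-Object Thumbprint, Subject, Issuer, NotAfter

# To bind one of the candidates to the listener (the scripted equivalent of
# clicking Select in the Properties dialog), uncomment and fill in the placeholder:
# Set-CimInstance -InputObject $listener -Property @{ SSLCertificateSHA1Hash = '<THUMBPRINT>' }
```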