Remote Desktop keeps asking me to accept a Certificate?
The certificate needs to be added to your Local Computer's "Trusted Root Certification Authorities" store. Adding it to the user's "Trusted Root Certification Authorities" store is not enough! If this sounds confusing don't worry - it is.
If you think you already installed the certificate, skip to "Move Certificate on Client."
Export Certificate on Server
First the certificate needs to be exported to a file. On the server, i.e. the computer you'd like to connect to:
- Run
%windir%\System32\mmc.exe - Menu
File->Add/Remove Snap-in... - Select
Certificates->Add >->Computer account->Local computer->Finish -
OKtheAdd or Remove Snap-insdialog. The console should now containCertificates (Local Computer). - Select
Certificates (Local Computer)->Remote Desktop->Certificates. There should be a single certificate with your computer's name. - Open the certificate.
- Open the
Detailstab. Copy to File...- Select any format, e.g.
DER encoded binary X.509 (.CER). - Type in any file name, e.g.
<computername>.cer. - Copy the file to your client computer.
Another way to get the certificate is to follow steps 6 to 10 on your client computer, on the Remote Desktop warning dialog mentioned in the question. But you're trusting the network in this case. At least compare the fingerprints, so you can be sure you trust the right certificate.
Import Certificate on Client
On the client, i.e. the computer you're connecting from, an receive the warning popup, do:
- Run
%windir%\System32\mmc.exe - Menu
File->Add/Remove Snap-in... - Select
Certificates->Add->Computer account->Local computer->Finish -
OKtheAdd or Remove Snap-insdialog. The console should now containCertificates (Local Computer). - Select
Certificates (Local Computer)->Trusted Root Certification Authorities->Certificates. - Menu
Action->All Tasks->Import.... - Enter the path to the exported certificate, e.g.
<computername>.cer. -
Place all certificates in the following store->Trusted Root Certification Authorities. -
Finish. You should no longer receive the warning.
Move Certificate on Client
If you already installed the certificate through the warning dialog, you can find the certificate in the current user's store. Skip the steps above and just move the certificate to the right place:
- Follow steps 1 to 3 as described in "Import Certificate on Client."
- Add another
Certificatessnap-in, this time forMy user account. - The certificate should be here somewhere. Try
Certificates - Current User->Intermediate Certification Authorities->Certificatesfirst. - Drag-and-drop or cut-and-paste the certificate to
Certificates (Local Computer)->Trusted Root Certification Authorities->Certificates. Note that the certificate stores stack, so you will still see the certificate in you user's store! You should no longer receive the warning.
I think you need to check the path of the certificate and have your computer trust the actual root and/or intermediates and not the certificate itself. You can also see under the path tab where the actual problem lies...
On the pictures the certificate you're installing doesn't seem to be invalid - the root of the problem is.. eh.. that was a stupid pun, sorry ^^