Certificate validation

When Remote Desktop Manager connects to a URL using the HTTPS protocol, it will validate the certificate using industry best practices. The first hurdle is to validate that your device trusts the authority that issued the certificate, called the Root Certification Authority (CA). Each certificate is typically part of a hierarchy of intermediate CAs under a root, each one usually under the jurisdiction of a different legal entity. The end result is that each level adds its own validation steps.

For certain organizations with a mature InfoSec practice, where other departments have final authority on all network communications, we have created options to disable certain validations, but this should be done only as a last resort. See the Certificate security options section below.

Oftentimes, users will focus on Remote Desktop Manager as the most likely source of the error, but since we use basic .NET features to perform the validation, a bug is unlikely. Ultimately, if validating the certificate with the tools offered by your operating system indicates an error, Remote Desktop Manager will also indicate one. To quickly identify if this is the case, export the certificate by:

  1. Choosing View Certificate in the Certificate validation error dialog.

  2. Export it as described in System Dialog.

  3. Perform a Manual Certificate Validation. If the validation is successful, contact us to open a ticket. If it is not successful, work with your IT department to resolve the blockage, or disable certificate validation.

Troubleshooting WITHIN Remote Desktop Manager

Remote Desktop Manager indicates a certificate validation error by displaying the following dialog:

Certificate error dialog

Before ignoring the error or adding the certificate to the exception list, always perform a perfunctory validation of the certificate by using the View Certificate action. Verify the Issued To and Issued By fields to determine if they seem correct for your organization.

The dialog offers five commands:

| Command | Description |
|---|---|
| Continue | This option will accept the certificate for this session only. |
| Continue and Remember | This option will accept the certificate and remember your choice. To "forget" a certificate that had been previously added, you must clear the certificate exemption list using the Certificate security-related options. |
| Abort | This option will abort the communication that is being attempted. It will result in an unreachable error. |
| Diagnose | This option will display the Certificate Diagnostic Window. |
| View Certificate | This option will display the certificate using the System Dialog. You can use this to export the certificate for a manual validation. |

Remote Desktop Manager Certificate diagnostic window

Certificate Diagnostic

System dialog

To find out more about why the certificate validation failed, you can use some tools, but the certificate needs to be exported first.

To export the certificate, follow these steps:

  1. Go to the Details tab of the Windows certificate prompt.
  2. Click Copy to File... and proceed to export the certificate as a *.cer file.
    Certificate information system dialog

Manual certificate validation

Here are some tools that can be used to verify the newly exported certificate:

Using PowerShell (requires PowerShell v4)

In a PowerShell console, adapt the path for the certificate file, then run:

    # Load the exported certificate, then validate it against the system trust stores
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$env:USERPROFILE\Desktop\cert.cer")
    Test-Certificate -Cert $cert

Using CMD

Adapt the path for the certificate file, then run the following command:

    certutil -verify "%USERPROFILE%\Desktop\cert.cer"

The resulting output from the tools mentioned above can be used to obtain more information about the issue.
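To see which link of the chain fails, and whether the failure points to CA trust or to the revocation check covered in the sections below, the exported certificate can be walked element by element. This is an added example, not part of the original documentation; the file path is an assumption and must be adapted.

```powershell
# Added example. Assumption: the certificate was exported to the Desktop as cert.cer.
$path = Join-Path $env:USERPROFILE 'Desktop\cert.cer'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($path)

# Build the chain with an online revocation check on every element,
# so an unreachable CRL server shows up as an explicit status.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

$trusted = $chain.Build($cert)
"Chain trusted: $trusted"

# One entry per chain element, leaf first and root last.
$rows = foreach ($element in $chain.ChainElements) {
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }
    [pscustomobject]@{
        Subject  = $element.Certificate.Subject
        Issuer   = $element.Certificate.Issuer
        NotAfter = $element.Certificate.NotAfter
        Status   = $status
    }
}
$rows | Format-List

# Overall failures. UntrustedRoot or PartialChain point to a CA missing from the
# certificate store; RevocationStatusUnknown or OfflineRevocation point to an
# unreachable CRL server.
$chain.ChainStatus | ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }

# CRL distribution points (OID 2.5.29.31) that must be reachable from this machine.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) { $cdp.Format($true) } else { 'No CRL distribution point extension present.' }
```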

Navigate to File > Settings > Security > Certificate security to manage options related to certificates.

Certificate security options

The Reset Known Certificates option only appears if you have selected Continue and Remember on one or more certificates.

| Option | Description |
|---|---|
| Ignore application certificate errors | Enable this option to disable the application certificate validation. This is not recommended, as it would compromise confidentiality and integrity of communications between the client and the server and could expose the application to potential threats. |
| Check for server certificate revocation | This option checks that the certificate has not been revoked. This is necessary if any of the URLs for Certificate Validation are unavailable for any reason. |
| Reset Known Certificates | Use this option to clear the cached certificates. All certificates will need to be validated again. |

Verify the Certification Authority (CA)

  1. Open the certificate, then check in the General tab which Certification Authority the certificate was issued by (the Issued by field).
    Certificate Issued by
  2. Verify that the Certification Authority is properly installed in the certificate store.
    Certificates

Certificate revocation check

Ensure that the CRL (Certificate Revocation List) server is reachable, as it is required to validate a certificate.

CRL