Certificate Validation

When Remote Desktop Manager connects to a URL using the HTTPS protocol, it validates the certificate using industry best practices. The first hurdle is to validate that your device trusts the authority that issued the certificate, called the Root Certification Authority (CA). Each certificate is typically part of a hierarchy of intermediate CAs under a root, each one typically under the jurisdiction of a different legal entity. The end result is that each level adds its own validation steps.

For certain organizations with a mature infosec practice, where other departments have final authority on all network communications, we have created options to disable certain validations, but this should be done only as a last resort. Please look at the Certificate Security options section below.

Oftentimes, users will focus on Remote Desktop Manager as the most likely source of the error, but since we use basic .NET features to perform the validation, a bug is unlikely. Ultimately, if running the certificate validation using tools that are offered with your operating system indicates an error, Remote Desktop Manager will also indicate one. To quickly identify if this is the case, export and check the certificate by:

  1. Choosing View Certificate in our Certificate validation error dialog
  2. Exporting it as described in System Dialog
  3. Performing a Manual Certificate Validation

If the validation is successful, contact us to open a ticket. If it is not successful, you can work with your IT department to resolve the blockage, or you can use our options to disable certificate validation.

Troubleshooting WITHIN Remote Desktop Manager

Remote Desktop Manager indicates a certificate validation error by displaying the following dialog:

Certificate validation error dialog

Before ignoring the error or adding the certificate to your exception list, always perform a perfunctory validation of the certificate by using the View Certificate action. You should validate the Issued To and Issued By fields to determine if they seem correct for your organization.

The dialog offers five commands:

Command: Description
Continue: Will accept the certificate for this session only.
Continue and Remember: Will accept the certificate and remember your choice. To "forget" a certificate that had been previously added, you must clear the certificate exemption list using the Certificate Security related options.
Abort: This will abort the communication that is being attempted. It will result in an error that the service is unreachable.
Diagnose: This will display the Certificate Diagnostic Window below.
View Certificate: Displays the certificate using the System Dialog. You can use this to export the certificate for a manual validation.

Remote Desktop Manager Certificate diagnostic window

Certificate Diagnostic Window

System dialog

To find out more about why the certificate validation failed, you can use some tools, but you need to export the certificate first.

To export the certificate, follow these steps:

  1. Click on the Details tab of the Windows certificate prompt.
  2. Click Copy to File... and proceed to export the certificate as a *.cer file.
    Certificate information system dialog

Manual certificate validation

Here are some tools that can be used to verify the newly exported certificate:

Using PowerShell (requires PowerShell v4)

In a PowerShell console, adapt the path for your certificate, then run:

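# Load the exported certificate ($env:USERPROFILE is the PowerShell form of %USERPROFILE%)
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("$env:USERPROFILE\Desktop\cert.cer")
# Validate the certificate against the Windows trust policy
Test-Certificate -Cert $cert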

Using CMD

Adapt the path for your certificate, then run the following command:

certutil -verify "%USERPROFILE%\Desktop\cert.cer"

The resulting output from those tools can be used to obtain more information about the issue.

Navigate to File – Options – Security – Certificate security to manage options related to certificates.

Remote Desktop Manager Options

Option: Description
Ignore application certificate errors: Enable this option to disable the application certificate validation. This is not recommended, as it would compromise confidentiality and integrity of communications between the client and the server and could expose the application to potential threats.
Check for server certificate revocation: Enable the validation that the certificate has not been revoked. This is necessary if any of the URLs for Certificate Validation are unavailable for any reason.
Reset Known Certificates: Use this option to clear the cached certificates. All certificates would need to be validated again.

Verify the Certification Authority (CA)

  1. Open the certificate, then check in the General tab which Certification Authority issued it.
  2. Verify that the Certification Authority is properly installed in the certificate store.

Certificate revocation check

Ensure that the CRL (Certificate Revocation List) server is reachable as it is required to validate a certificate.
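
The CA and revocation checks above can also be run from PowerShell against the exported certificate. The script below is an added example, not part of the original article or of Remote Desktop Manager. It assumes the certificate was exported to the Desktop as cert.cer and uses the .NET X509Chain class to show each certificate in the chain and why validation failed.

```powershell
# Added example: build the chain for an exported .cer file and report
# trust and revocation problems as Windows sees them.
# Assumption: the certificate was exported to this path; adjust as needed.
$path = "$env:USERPROFILE\Desktop\cert.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($path)

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Query revocation online for every certificate except the root.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
$chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

$valid = $chain.Build($cert)
"Chain valid: $valid"

# Walk the chain from the server certificate up to the root CA.
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    "Issued To: {0}" -f $c.Subject
    "Issued By: {0}" -f $c.Issuer
    "  Expires: {0:u}" -f $c.NotAfter
    foreach ($s in $element.ChainElementStatus) {
        "  Status:  {0} ({1})" -f $s.Status, $s.StatusInformation.Trim()
    }
}

# Map the overall chain status to the checks described in this article.
foreach ($s in $chain.ChainStatus) {
    switch ($s.Status) {
        'UntrustedRoot'           { "Root CA is not installed in the trusted root store." }
        'PartialChain'            { "An issuing CA certificate is missing from the certificate store." }
        'OfflineRevocation'       { "The CRL server could not be reached." }
        'RevocationStatusUnknown' { "Revocation status could not be determined." }
        'Revoked'                 { "The certificate has been revoked by its CA." }
        default                   { "{0}: {1}" -f $s.Status, $s.StatusInformation.Trim() }
    }
}

# Show the CRL distribution points (extension OID 2.5.29.31) so the URLs
# can be tested for reachability from this machine.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) { $cdp.Format($true) } else { "No CRL distribution point extension present." }
```

An OfflineRevocation or RevocationStatusUnknown result points to the CRL server being unreachable, while UntrustedRoot or PartialChain points to a CA certificate missing from the certificate store.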
