> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/certificate-validation.md).
# Certificate validation
When Remote Desktop Manager connects to a URL using the HTTPS protocol, it will validate the certificate using industry best practices. The first hurdle is to validate that your device trusts the authority that issued the certificate, called the Root Certification Authority (CA). Each certificate is typically a hierarchy of intermediate CAs under a root, each one usually under the jurisdiction of a different legal entity. The end result is that each level adds their own validation steps.
For certain organizations with a mature InfoSeq practice, other departments have final authority on all network communications, we have created options to disable certain validations, but this should be done as a last resort action. Please look at the Certificate Security options section below:
{% hint style="warning" %}
Often times, users will focus on Remote Desktop Manager as the most likely source of the error, but since we use basicnet features to perform the validation, a bug is unlikely. Ultimately, if running the certificate validation using tools that are offered with your operating system indicate an error Remote Desktop Manager will also indicate one. To quickly identify if this is the case, export the certificate by:1. Choosing View Certificate in the Certificate validation error dialog. 2. Export it as described in System Dialog. 3. Perform a Manual Certificate Validation. If the validation is successful, contact us to open a ticket. If it is not successful, see with your IT department to resolve the blockage, or disable certificate validation.
{% endhint %}
### Troubleshooting WITHIN Remote Desktop Manager
Remote Desktop Manager indicates a certificate validation error by displaying the following dialog:
{% hint style="warning" %}
Before ignoring the error or adding the certificate to the exception list, always perform a perfunctory validation of the certificate by using the ***View Certificate*** action, verify the ***Issued To*** and ***Issued By*** fields to determine if they seem correct for your organization.
{% endhint %}
The dialog offers five commands:
| Command | Description |
| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ***Continue*** | This option will accept the certificate for this session only. |
| ***Continue and Remember*** | This option will accept the certificate and remember your choice. To "forget" a certificate that had been previously added, you must clear the certificate exemption list using the ***Certificate security***-related options. |
| ***Abort*** | This option will abort the communication that is being attempted, it will result in an unreachable error. |
| ***Diagnose*** | This option will display the ***Certificate Diagnostic Window***. |
| ***View Certificate*** | This option will display the certificate using the ***System Dialog***. You can use this to export the certificate for a manual validation. |
### Remote Desktop Manager Certificate diagnostic window
### System dialog
To find out more about why the certificate validation failed, you can use some tools, but the certificate needs to be exported first.
To export the certificate, follow these steps:
1. Go to the ***Details*** tab of the Windows certificate prompt.
2. Click ***Copy to File...*** and proceed to export the certificate as a \*.cer file.
### Manual certificate validation
Here are some tools that can be used to verify the newly exported certificate:
#### Using PowerShell (requires PowerShell v4)
In a PowerShell console, adapt the path for the certificate file, then run: `$cert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("%USERPROFILE%\Desktop\cert.cer"` `Test-Certificate -Cert $cert`
#### Using CMD
Adapt the path for the certificate file, then run the following command: `certutil -verify "%USERPROFILE%\Desktop\cert.cer"`
The resulting output from the tools mentioned above can be used to obtain more information about the issue.
### Certificate security related options
Navigate to ***File*** – ***Settings*** – ***Security*** – ***Certificate security*** to manage options related to certificates.
{% hint style="info" %}
The ***Reset Known Certificates*** option only appears if you have selected ***Continue and Remember*** on one or more certificate.
{% endhint %}
| Option | Description |
| --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ***Ignore application certificate errors*** | Enable this option to disable the application certificate validation. This is not recommended, as it would compromise confidentiality and integrity of communications between the client and the server and could expose the application to potential threats. |
| ***Check for server certificate revocation*** | This option checks that the certificate has not been revoked. This is necessary if any of the URLs for ***Certificate Validation*** are unavailable for any reason. |
| ***Reset Known Certificates*** | Use this option to clear the cached certificates. All certificates will need to be validated again. |
### Verify the Certification Authority (CA)
1. Open the certificate, then verify by which Certification Authority the certificate has been ***Issued by***, in the ***General*** tab.
2. Verify that the Certification Authority is properly installed in the certificate store.
### Certificate revocation check
Ensure that the CRL (Certificate Revocation List) server is reachable as it is required to validate a certificate.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/certificate-validation.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
