How do I view a trusted certificate in the Remote Desktop Connection client?
When you use the Remote Desktop Connection client to connect to a remote computer that does not have a valid SSL certificate, you are presented with a box similar to this:
I already know how to deal with this, to make the box not appear at every connection ("check Don't ask me again..."). I also know how to make the box reappear after "Don't ask me again" has been checked. (There are several posts to this effect here on superuser.) An option in this dialog allows you to review the server certificate.
My question is when using Remote Desktop Connection client to connect to a server that has a valid certificate issued by a trusted certification authority, how do I view the certificate? (Assume that I do not have access to the certificate store on the remote server.)
In the connection bar of Remote Desktop Connection version 6.3.9600 there appears a padlock, similar to what you might see in a web browser. However, clicking on the padlock only reveals 
Again, how do I view the certificate used by Remote Desktop Connection when the certificate is valid?
EDIT: In my initial testing, I was using a client PC (non-domain) to connect to the server on the same subnet. The security (padlock) icon in MSTSC indicated authentication by kerberos. A subsequent test from a PC on a remote network indicated authentication by server certificate, and gave me the option to view the certificate.
So now I am wondering why the local connection authenticated by kerberos and the remote connection by certificate?
remote-desktop
asked Feb 13 '15 at 20:01
Jonathan JJonathan J
55749
|
show 7 more comments
When you use the Remote Desktop Connection client to connect to a remote computer that does not have a valid SSL certificate, you are presented with a box similar to this:
I already know how to deal with this, to make the box not appear at every connection ("check Don't ask me again..."). I also know how to make the box reappear after "Don't ask me again" has been checked. (There are several posts to this effect here on superuser.) An option in this dialog allows you to review the server certificate.
My question is when using Remote Desktop Connection client to connect to a server that has a valid certificate issued by a trusted certification authority, how do I view the certificate? (Assume that I do not have access to the certificate store on the remote server.)
In the connection bar of Remote Desktop Connection version 6.3.9600 there appears a padlock, similar to what you might see in a web browser. However, clicking on the padlock only reveals
Again, how do I view the certificate used by Remote Desktop Connection when the certificate is valid?
EDIT: In my initial testing, I was using a client PC (non-domain) to connect to the server on the same subnet. The security (padlock) icon in MSTSC indicated authentication by kerberos. A subsequent test from a PC on a remote network indicated authentication by server certificate, and gave me the option to view the certificate.
So now I am wondering why the local connection authenticated by kerberos and the remote connection by certificate?
remote-desktop
asked Feb 13 '15 at 20:01
Jonathan JJonathan J
55749
P.S. -- Credit for the error message image goes to Ian Boyd ( superuser.com/users/8169/ian-boyd )
– Jonathan J
Feb 13 '15 at 20:02
Is this a corporate network? e.g. a managed domain
– dkanejs
Feb 13 '15 at 20:04
1
The server in question is in an Active Directory domain. The client PC is not joined to the domain, and has not imported the certificate. The server has supposedly been configured with an SSL certificate from a third-party certification authority, not the Windows CA in the domain. I need to verify which certificate is actually being used.
– Jonathan J
Feb 13 '15 at 20:08
The handshake may be recorded, you could check eventvwr on the client to see what certificate was used.
– dkanejs
Feb 13 '15 at 20:11
I found a workaround for what I needed to do... connect to the server by IP address rather than name. This forces the error message to appear, where I can click to view the certificate. However, it really doesn't answer the question of how to view the certificate when it's valid for the server named in the connection.
– Jonathan J
Feb 13 '15 at 20:30
|
show 7 more comments
When you use the Remote Desktop Connection client to connect to a remote computer that does not have a valid SSL certificate, you are presented with a box similar to this:
I already know how to deal with this, to make the box not appear at every connection ("check Don't ask me again..."). I also know how to make the box reappear after "Don't ask me again" has been checked. (There are several posts to this effect here on superuser.) An option in this dialog allows you to review the server certificate.
My question is when using Remote Desktop Connection client to connect to a server that has a valid certificate issued by a trusted certification authority, how do I view the certificate? (Assume that I do not have access to the certificate store on the remote server.)
In the connection bar of Remote Desktop Connection version 6.3.9600 there appears a padlock, similar to what you might see in a web browser. However, clicking on the padlock only reveals
Again, how do I view the certificate used by Remote Desktop Connection when the certificate is valid?
EDIT: In my initial testing, I was using a client PC (non-domain) to connect to the server on the same subnet. The security (padlock) icon in MSTSC indicated authentication by kerberos. A subsequent test from a PC on a remote network indicated authentication by server certificate, and gave me the option to view the certificate.
So now I am wondering why the local connection authenticated by kerberos and the remote connection by certificate?
remote-desktop
asked Feb 13 '15 at 20:01
Jonathan JJonathan J
55749
When you use the Remote Desktop Connection client to connect to a remote computer that does not have a valid SSL certificate, you are presented with a box similar to this:
I already know how to deal with this, to make the box not appear at every connection ("check Don't ask me again..."). I also know how to make the box reappear after "Don't ask me again" has been checked. (There are several posts to this effect here on superuser.) An option in this dialog allows you to review the server certificate.
My question is when using Remote Desktop Connection client to connect to a server that has a valid certificate issued by a trusted certification authority, how do I view the certificate? (Assume that I do not have access to the certificate store on the remote server.)
In the connection bar of Remote Desktop Connection version 6.3.9600 there appears a padlock, similar to what you might see in a web browser. However, clicking on the padlock only reveals
Again, how do I view the certificate used by Remote Desktop Connection when the certificate is valid?
EDIT: In my initial testing, I was using a client PC (non-domain) to connect to the server on the same subnet. The security (padlock) icon in MSTSC indicated authentication by kerberos. A subsequent test from a PC on a remote network indicated authentication by server certificate, and gave me the option to view the certificate.
So now I am wondering why the local connection authenticated by kerberos and the remote connection by certificate?
remote-desktop
remote-desktop
asked Feb 13 '15 at 20:01
Jonathan JJonathan J
55749
asked Feb 13 '15 at 20:01
Jonathan JJonathan J
55749
edited Feb 13 '15 at 21:21
Jonathan J
asked Feb 13 '15 at 20:01
Jonathan JJonathan J
55749
asked Feb 13 '15 at 20:01
Jonathan JJonathan J
55749
asked Feb 13 '15 at 20:01
Jonathan JJonathan J
55749
55749
P.S. -- Credit for the error message image goes to Ian Boyd ( superuser.com/users/8169/ian-boyd )
– Jonathan J
Feb 13 '15 at 20:02
Is this a corporate network? e.g. a managed domain
– dkanejs
Feb 13 '15 at 20:04
1
The server in question is in an Active Directory domain. The client PC is not joined to the domain, and has not imported the certificate. The server has supposedly been configured with an SSL certificate from a third-party certification authority, not the Windows CA in the domain. I need to verify which certificate is actually being used.
– Jonathan J
Feb 13 '15 at 20:08
The handshake may be recorded, you could check eventvwr on the client to see what certificate was used.
– dkanejs
Feb 13 '15 at 20:11
I found a workaround for what I needed to do... connect to the server by IP address rather than name. This forces the error message to appear, where I can click to view the certificate. However, it really doesn't answer the question of how to view the certificate when it's valid for the server named in the connection.
– Jonathan J
Feb 13 '15 at 20:30
|
show 7 more comments
P.S. -- Credit for the error message image goes to Ian Boyd ( superuser.com/users/8169/ian-boyd )
– Jonathan J
Feb 13 '15 at 20:02
Is this a corporate network? e.g. a managed domain
– dkanejs
Feb 13 '15 at 20:04
1
The server in question is in an Active Directory domain. The client PC is not joined to the domain, and has not imported the certificate. The server has supposedly been configured with an SSL certificate from a third-party certification authority, not the Windows CA in the domain. I need to verify which certificate is actually being used.
– Jonathan J
Feb 13 '15 at 20:08
The handshake may be recorded, you could check eventvwr on the client to see what certificate was used.
– dkanejs
Feb 13 '15 at 20:11
I found a workaround for what I needed to do... connect to the server by IP address rather than name. This forces the error message to appear, where I can click to view the certificate. However, it really doesn't answer the question of how to view the certificate when it's valid for the server named in the connection.
– Jonathan J
Feb 13 '15 at 20:30
P.S. -- Credit for the error message image goes to Ian Boyd ( superuser.com/users/8169/ian-boyd )
– Jonathan J
Feb 13 '15 at 20:02
P.S. -- Credit for the error message image goes to Ian Boyd ( superuser.com/users/8169/ian-boyd )
– Jonathan J
Feb 13 '15 at 20:02
Is this a corporate network? e.g. a managed domain
– dkanejs
Feb 13 '15 at 20:04
Is this a corporate network? e.g. a managed domain
– dkanejs
Feb 13 '15 at 20:04
1
1
The server in question is in an Active Directory domain. The client PC is not joined to the domain, and has not imported the certificate. The server has supposedly been configured with an SSL certificate from a third-party certification authority, not the Windows CA in the domain. I need to verify which certificate is actually being used.
– Jonathan J
Feb 13 '15 at 20:08
The server in question is in an Active Directory domain. The client PC is not joined to the domain, and has not imported the certificate. The server has supposedly been configured with an SSL certificate from a third-party certification authority, not the Windows CA in the domain. I need to verify which certificate is actually being used.
– Jonathan J
Feb 13 '15 at 20:08
The handshake may be recorded, you could check eventvwr on the client to see what certificate was used.
– dkanejs
Feb 13 '15 at 20:11
The handshake may be recorded, you could check eventvwr on the client to see what certificate was used.
– dkanejs
Feb 13 '15 at 20:11
I found a workaround for what I needed to do... connect to the server by IP address rather than name. This forces the error message to appear, where I can click to view the certificate. However, it really doesn't answer the question of how to view the certificate when it's valid for the server named in the connection.
– Jonathan J
Feb 13 '15 at 20:30
I found a workaround for what I needed to do... connect to the server by IP address rather than name. This forces the error message to appear, where I can click to view the certificate. However, it really doesn't answer the question of how to view the certificate when it's valid for the server named in the connection.
– Jonathan J
Feb 13 '15 at 20:30
|
show 7 more comments
1 Answer
1
active
oldest
votes
Kerberos doesn't use certificates. If then connection was secured with Kerberos then there is no certificate to view on this connection.
answered Jun 8 '18 at 20:11
HackSlashHackSlash
1,9321620
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f877669%2fhow-do-i-view-a-trusted-certificate-in-the-remote-desktop-connection-client%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Kerberos doesn't use certificates. If then connection was secured with Kerberos then there is no certificate to view on this connection.
answered Jun 8 '18 at 20:11
HackSlashHackSlash
1,9321620
add a comment |
Kerberos doesn't use certificates. If then connection was secured with Kerberos then there is no certificate to view on this connection.
answered Jun 8 '18 at 20:11
HackSlashHackSlash
1,9321620
add a comment |
Kerberos doesn't use certificates. If then connection was secured with Kerberos then there is no certificate to view on this connection.
answered Jun 8 '18 at 20:11
HackSlashHackSlash
1,9321620
Kerberos doesn't use certificates. If then connection was secured with Kerberos then there is no certificate to view on this connection.
answered Jun 8 '18 at 20:11
HackSlashHackSlash
1,9321620
answered Jun 8 '18 at 20:11
HackSlashHackSlash
1,9321620
answered Jun 8 '18 at 20:11
HackSlashHackSlash
1,9321620
answered Jun 8 '18 at 20:11
HackSlashHackSlash
1,9321620
1,9321620
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f877669%2fhow-do-i-view-a-trusted-certificate-in-the-remote-desktop-connection-client%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
P.S. -- Credit for the error message image goes to Ian Boyd ( superuser.com/users/8169/ian-boyd )
– Jonathan J
Feb 13 '15 at 20:02
Is this a corporate network? e.g. a managed domain
– dkanejs
Feb 13 '15 at 20:04
1
The server in question is in an Active Directory domain. The client PC is not joined to the domain, and has not imported the certificate. The server has supposedly been configured with an SSL certificate from a third-party certification authority, not the Windows CA in the domain. I need to verify which certificate is actually being used.
– Jonathan J
Feb 13 '15 at 20:08
The handshake may be recorded, you could check eventvwr on the client to see what certificate was used.
– dkanejs
Feb 13 '15 at 20:11
I found a workaround for what I needed to do... connect to the server by IP address rather than name. This forces the error message to appear, where I can click to view the certificate. However, it really doesn't answer the question of how to view the certificate when it's valid for the server named in the connection.
– Jonathan J
Feb 13 '15 at 20:30