Wednesday 23 April 2014

Remote Desktop Connection & Certificate Errors

I use Remote Desktop Connection (RDP) to connect from my Windows 7 (Home Premium SP1 64-bit) laptop to my Vista (Home Premium SP1 64-bit) desktop computer.  Until recently, every time I tried to connect, the following message was displayed:




[Note: In the image above, I replaced the name of my desktop computer with <remote computer>]


Of course, I could always proceed to connect by pressing Yes, but I still found the warning perplexing if not annoying.

Clicking the View Certificate button displays the certificate panel, with a button to Install Certificate.  Clicking that invokes the Certificate Import Wizard.  But successfully importing the certificate using the Wizard never remedied my issue.

It turns out that the Wizard only installed the server authentication certificate in my Current User's Intermediate Certification Authorities Certificates store, rather than in my Local Computer's Trusted Root Certification Authorities Certificates store, where it needs to be.

The following site provided me with the solution that worked for me:
http://serverfault.com/questions/7653/remote-desktop-keeps-asking-me-to-accept-a-certificate 


The solution uses the Microsoft Management Console (mmc.exe), running one or more snap-ins for Certificates (for Local Computer or Current User), to install (or move/copy) the remote computer's Remote Desktop Server Authentication certificate to the Trusted Root Certification Authorities certificates store (for Local Computer) on the client computer.

Here are the instructions given there (which I've copied almost verbatim). Skip to Method 2 below if you've already imported the certificate on the client computer, perhaps by running the Wizard while using RDP to connect:


Method 1 - Part 1:  Export Certificate on Server

First the certificate needs to be exported to a file. On the server, i.e. the computer you'd like to connect to:

  1. Run %windir%\System32\mmc.exe
  2. Menu File -> Add/Remove Snap-in...
  3. Select Certificates -> Add > -> Computer account -> Local computer -> Finish
  4. OK the Add or Remove Snap-ins dialog. The console should now contain Certificates (Local Computer).
  5. Select Certificates (Local Computer) -> Remote Desktop -> Certificates. There should be a single certificate with your computer's name.
  6. Open the certificate.
  7. Open the Details tab.
  8. Copy to File...
  9. Select any format, e.g. DER encoded binary X.509 (.CER).
  10. Type in any file name, e.g. <computername>.cer.
  11. Copy the file to your client computer.

Another way to get the certificate is to follow steps 6 to 10 on your client computer, by selecting View Certificate from the Remote Desktop warning dialog mentioned above. But you're trusting the network in this case. At least compare the fingerprints, so you can be sure you trust the right certificate.

Method 1 - Part 2:  Import Certificate on Client

On the client, i.e. the computer you're connecting from and on which you receive the warning popup, do:

  1. Run %windir%\System32\mmc.exe
  2. Menu File -> Add/Remove Snap-in...
  3. Select Certificates -> Add -> Computer account -> Local computer -> Finish
  4. OK the Add or Remove Snap-ins dialog. The console should now contain Certificates (Local Computer).
  5. Select Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates.
  6. Menu Action -> All Tasks -> Import....
  7. Enter the path to the exported certificate, e.g. <computername>.cer.
  8. Place all certificates in the following store -> Trusted Root Certification Authorities.
  9. Finish. You should no longer receive the warning.
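
The Part 2 import with the fingerprint comparison made explicit, as an added PowerShell example that is not from the original post or the Server Fault answer. The function name `Import-VerifiedRdpCertificate` and its parameters are hypothetical; it relies on the .NET `X509Certificate2` and `X509Store` classes and must run in an elevated session on the client.

```powershell
# Added example; Import-VerifiedRdpCertificate is a hypothetical helper name.
# Run in an elevated PowerShell session on the client computer.
function Import-VerifiedRdpCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$CerPath,            # the .cer file exported in Part 1
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint  # read from the Details tab on the server itself
    )

    # Text copied from the Details tab contains spaces and may carry an invisible
    # leading character, so keep only the hex digits before comparing.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($expected.Length -ne 40) {
        throw "Expected thumbprint must be 40 hex digits (SHA-1); got $($expected.Length)."
    }

    $file = (Resolve-Path -LiteralPath $CerPath).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $actual = $cert.Thumbprint.ToUpperInvariant()   # SHA-1 over the DER encoding

    if ($actual -ne $expected) {
        throw "Thumbprint mismatch: file has $actual, expected $expected. Nothing was imported."
    }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Same destination as step 8: Local Computer -> Trusted Root Certification Authorities.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
    $store.Open('ReadWrite')
    try {
        $found = $store.Certificates.Find('FindByThumbprint', $actual, $false)
        if ($found.Count -eq 0) {
            $store.Add($cert)
            Write-Output "Imported $($cert.Subject) [$actual] into LocalMachine\Root."
        } else {
            Write-Output "Certificate $actual is already in LocalMachine\Root."
        }
    } finally {
        $store.Close()
    }
}

# Placeholder values; substitute your own file and the thumbprint shown on the server.
# Import-VerifiedRdpCertificate -CerPath '.\<computername>.cer' -ExpectedThumbprint '<thumbprint from the server>'
```

The thumbprint passed in should come from the server's own console (the Details tab in Part 1), not from the warning dialog on the client, so that a certificate substituted on the network fails the comparison.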

Method 2:  Move Certificate on Client


If you already installed the certificate through the warning dialog, you can find the certificate in the current user's store. Skip the steps above and just move the certificate to the right place:

  1. Follow steps 1 to 3 as described in "Import Certificate on Client."
  2. Add another Certificates snap-in, this time for My user account.
  3. The certificate should be here somewhere. Try Certificates - Current User -> Intermediate Certification Authorities -> Certificates first.
  4. Drag-and-drop or cut-and-paste the certificate to Certificates (Local Computer) -> Trusted Root Certification Authorities -> Certificates. Note that the certificate stores stack, so you will still see the certificate in your user's store! You should no longer receive the warning.