Wednesday, 23 October 2013

View certificate properties via PowerShell (and some RDP stuff)

Hi all,

we've implemented Windows Remote Desktop Services at a customer and were facing those ugly security popups asking whether we trust the publisher, even though the certificate was issued by the customer's PKI and was valid and trusted by the client (the certificate chain was installed on the client, the CRL was reachable and so on).


It's not a bug... it's a feature, according to Microsoft. :-)
You can get rid of these popups by configuring a GPO that specifies valid publishers.
http://technet.microsoft.com/de-de/library/cc771261(v=ws.10).aspx
The GPO requires the SHA1 thumbprint of the certificate. We fiddled around copying the thumbprint from the certificate UI; the GPO was applied, but we were still seeing the popup.

This was caused by a non-printable character which we copied from the certificate UI into the GPO. Very ugly. :-)
Therefore I created this simple PowerShell script to get the thumbprint in the right format (no spaces, upper case and, most important, no non-printable characters).

$cert1 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate "my certificate.cer"
$cert1.GetCertHashString()

The last line returns the thumbprint of the certificate, e.g. BCE26899803C4806911B01F969FF7721562E07D6
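To check a thumbprint that has already been pasted somewhere (a GPO setting, a ticket, a script), the following added example, which is not part of the original post, lists every non-hex character with its code point, normalises the string and optionally compares it with the certificate file. The function name Test-PastedThumbprint is hypothetical, and the hidden character in the sample (U+200E) is an assumption, since the post does not say which character was copied.

```powershell
function Test-PastedThumbprint {
    param(
        [Parameter(Mandatory)] [string] $Pasted,
        [string] $CertificatePath   # optional .cer file to compare against
    )

    # Report every character that is not a hex digit, with index and code point,
    # so that invisible characters show up.
    $unexpected = foreach ($i in 0..($Pasted.Length - 1)) {
        $c = $Pasted[$i]
        if ([string]$c -notmatch '^[0-9A-Fa-f]$') {
            [pscustomobject]@{ Index = $i; CodePoint = 'U+{0:X4}' -f [int]$c }
        }
    }

    # Normalised form for the GPO: hex digits only, upper case.
    $clean = ($Pasted -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $result = [ordered]@{
        Clean        = $clean
        IsSha1Length = ($clean.Length -eq 40)   # SHA1 = 20 bytes = 40 hex digits
        Unexpected   = @($unexpected)
    }

    if ($CertificatePath) {
        # .NET resolves relative paths against the process directory, not the
        # current PowerShell location, so pass the full path.
        $full = (Resolve-Path -LiteralPath $CertificatePath).Path
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate $full
        $result.MatchesFile = ($cert.GetCertHashString() -eq $clean)
    }

    [pscustomobject]$result
}

# Constructed sample: the thumbprint from the post, lower case, with spaces
# and a leading hidden U+200E character (assumed, see above).
$sample = "$([char]0x200E)bc e2 68 99 80 3c 48 06 91 1b 01 f9 69 ff 77 21 56 2e 07 d6"
$check  = Test-PastedThumbprint -Pasted $sample
$check.Clean                      # value to put into the GPO
$check.Unexpected | Format-Table  # where the unwanted characters were
```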

You can find more methods here:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate.aspx

More information can be found here:
https://blogs.technet.microsoft.com/askpfeplat/2017/12/18/remote-desktop-connection-rdp-certificate-warnings/

Happy coding
Chris
