Microsoft Remote Desktop Connection (RDP) – Certificate Warnings
Hello everyone! Tim Beasley, Platforms PFE here again from the gorgeous state of Missouri. Here in the fall, in the Ozark Mountains area the colors of the trees are just amazing! But hey, I’m sure wherever you are it’s nice there too. Quick shout out to my buds SR PFE Don Geddes (RDGURU), and PFE Jacob Lavender who provided some additional insight on this article!
I am writing this blog post to shed some light on the question of “How come we keep getting prompted warning messages about certificates when we connect to machines via RDP?” A couple of examples you might see when running the Remote Desktop Connection Client (mstsc.exe)…
If you’ve come across this in your environment, don’t fret…as it’s a good security practice to have secure RDP sessions. There’s also a lot of misguiding information out there on the internet… Being a PKI guy myself, I thought I’d chime in a bit to help the community.
The answer to the question? It depends.
Okay I’m done.
HA! If only it was that easy! You people reading this right now wouldn’t be here if it were that easy, right?
To get started, I’m going to break this topic up into several parts. I’m also going to assume that whoever is reading this knows a bit of PKI terminology.
Unless there are security requirements that they must meet, most organizations don’t deploy certificates for systems where they are simply enabling RDP to allow remote connections for administration, or to a client OS like Windows 10. Kerberos plays a huge role in server authentication so feel free to take advantage of it. The Kerberos authentication protocol provides a mechanism for authentication — and mutual authentication — between a client and a server, or between one server and another server. This is the underlying authentication that takes place on a domain without the requirement of certificates.
Read the entire article here, Remote Desktop Connection (RDP) – Certificate Warnings
Via the fine folks at Microsoft.