Disabling Remote Certificate Validation for RDP Proxy
Delinea recommends that you operate in an environment where RDP server certificates are created by a controlled CA and are trusted by machines in the domain. If that is not possible, you can disable remote certificate validation to allow connection to machines that do not serve trusted certificates.
Figure: Normal Remote Certificate Validation for RDP Proxy
To view or edit your RDP proxy certificate settings:
- In Secret Server, click the Settings button and go to Proxying > RDP. The RDP Proxy tab of the Settings page appears.
- The Validate Remote Certificates setting has one of two values:
  - Validate Remote Certificates = No: Secret Server RDP proxy does not validate the remote server RDP certificate.
  - Validate Remote Certificates = Yes: Secret Server RDP proxy validates the remote server SSL certificate as defined in Local Computer > Remote Desktop > Certificates.
- To change the certificate settings, in Windows, go to Console Root\Certificates(Local Computer)\Remote Desktop\Certificates. The Console appears.
- Note that these remote server Remote Desktop certificates are self-signed by default.
- Secret Server RDP proxy cannot validate these unless one of two conditions applies:
  - Each target server certificate is imported into all the servers hosting RDP proxy.
  - Trusted RDP certificates are deployed.
Microsoft describes a process for the second condition in Using certificates in Remote Desktop Services.
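
Before setting Validate Remote Certificates to Yes, it helps to know which target certificates meet either of the two conditions above. The following PowerShell function is an added example, not Delinea or Microsoft code. It assumes it is run on a server hosting RDP proxy, that target certificates were exported to `.cer` files in a hypothetical folder `C:\Temp\rdp-certs`, and that "imported" means present in that server's Remote Desktop store; it reports on the page's two conditions and does not reproduce Secret Server's own validation logic.

```powershell
# Added example: run on each server hosting RDP proxy.
# Function name, property names and the sample folder are hypothetical.
function Test-RdpCertificateTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    begin {
        # Thumbprints already imported into this machine's Remote Desktop store (condition 1)
        $imported = @(Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Thumbprint })
    }
    process {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Skip revocation lookups so the result reflects trust only, even without CRL/OCSP access
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        # Build() is true only if the chain ends at a root this machine trusts (condition 2)
        $trustedChain = $chain.Build($Certificate)
        $chainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $chain.Reset()

        $isImported = $imported -contains $Certificate.Thumbprint
        $condition  = if ($isImported) { 'Imported' }
                      elseif ($trustedChain) { 'TrustedChain' }
                      else { 'None' }

        [pscustomobject]@{
            Subject      = $Certificate.Subject
            Thumbprint   = $Certificate.Thumbprint
            NotAfter     = $Certificate.NotAfter
            # Heuristic: default RDP certificates have identical subject and issuer
            SelfSigned   = ($Certificate.Subject -eq $Certificate.Issuer)
            TrustedChain = $trustedChain
            ChainStatus  = $chainStatus
            ConditionMet = $condition
        }
    }
}

# Usage (hypothetical export folder): list targets that meet neither condition
Get-ChildItem -Path 'C:\Temp\rdp-certs\*.cer' |
    ForEach-Object { New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $_.FullName } |
    Test-RdpCertificateTrust |
    Where-Object { $_.ConditionMet -eq 'None' } |
    Format-Table Subject, SelfSigned, ChainStatus, NotAfter -AutoSize
```

Because chain trust depends on the root store of the machine doing the check, results from one proxy host do not carry over to another; run it on every server hosting RDP proxy.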