To remove this warning, replace the default RDP Signing certificate with a trusted certificate.Create CA
This solution will use OpenSSL to create a minimum CA and an intermediate CA to resolve the certificate warning.
1. Generate Key for CA
openssl genrsa -out ca.key 2048
2. Generate CA Certificate
openssl req -new -x509 -key ca.key -out ca.crt
3. Verify Certificate is CA
openssl x509 -noout -text < ca.crt
Look for the following in output: 'X509v3 Basic Constraints: CA: TRUE'
Create Certificate Signing Request
- Open Safeguard and navigate to Admin Tools | Settings | Certificates | Sessions Certificates
- Select 'Create Certificate Signing Request' under RDP Connection Signing Certificate.
- Sign CSR using CA to create a new RDP Signing Certificate as Intermediate CA
openssl ca -in safeguardCSR.csr -out safeguardRdpSigningCert.crt -keyfile ca.key -cert ca.crt -config ~/openssl2.cnf -extensions v3_ca
- Edit the new Certificate and if metadata is present, remove all metadata preceding the --BEGIN CERTIFICATE-- line.
- Add intermediate certificate as RDP Connection Signing Certificate using ‘Install Certificates
- Add CA to System (not user) Trusted Root Certification Authorities Certificate Store.
- Add Intermediate CA (the RDP Signing Certificate) to System (not user) Intermediate Certification Authorities Certificate Store.