When making an RDP connection, you may encounter two different certificate messages.
Unsigned RDP file message
This message occurs when Remote Desktop Connection opens the RDP file that is downloaded when you click Play in the Safeguard for Privileged Passwords user interface.
We are currently working on a solution that will allow Safeguard for Privileged Passwords to sign this RDP file to avoid this message.
Untrusted server certification message
This message occurs when the workstation has not trusted the Safeguard for Privileged Passwords RDP Connection Signing Certificate.
NOTE: The IP address of the connecting server is that of the Safeguard appliance.
To avoid this message, you must either trust the RDP Connection Signing Certificate and the certificates in its chain of trust, or replace the current certificate with an enterprise certificate and chain of trust that the workstation already trusts. For more information on certificate chains of trust, see Certificate chain of trust. For more information on replacing the RDP Connection Signing Certificate, see Sessions Certificates.
One Identity recommends that you replace the entire configuration with your own trusted enterprise PKI. This would result in a structure such as:
The Root CA, Issuing CA, and RDP Signing Certificates can be distributed via Group Policy, Active Directory, or other distribution means.
The default certificate chain of trust configuration that ships with Safeguard for Privileged Passwords is generated from the SafeguardCluster root certificate.
Figure 1: Default certificate chain of trust
When setting up RDP Connection Signing, the certificate chain of trust also includes the certificate issued to Safeguard for Privileged Passwords for RDP, as illustrated below.
Figure 2: Default certificate chain of trust when setting up RDP Connection Signing
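To check on a workstation whether the RDP Connection Signing Certificate chains to a trusted root, and to see which certificate in the chain is missing, the following PowerShell script is an added example, not One Identity's code. The certificate file paths are assumptions; export the signing certificate and the Issuing/Root CA certificates from Safeguard beforehand.

```powershell
# Added example (not One Identity's code). Builds the certificate chain for the
# exported RDP Connection Signing Certificate and reports why it is not trusted.
# All file paths below are assumptions.
param(
    [string]$SigningCertPath = 'C:\certs\rdp-signing.cer',
    [string[]]$ChainCertPaths = @('C:\certs\issuing-ca.cer', 'C:\certs\root-ca.cer')
)

function Test-RdpSigningChain {
    param([string]$LeafPath, [string[]]$ExtraPaths)
    $leaf  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($LeafPath)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    # Supply the Issuing and Root CA certificates so the chain can be assembled
    # even before they are installed in any Windows certificate store.
    foreach ($p in $ExtraPaths) {
        if (Test-Path $p) {
            $null = $chain.ChainPolicy.ExtraStore.Add(
                [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($p))
        }
    }
    # Diagnosing trust only; revocation checking is disabled for offline use.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($leaf)
    [pscustomobject]@{
        Subject  = $leaf.Subject
        Trusted  = $trusted
        # Empty when trusted; otherwise flags such as UntrustedRoot or PartialChain
        Status   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Elements = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
    }
}

$result = Test-RdpSigningChain -LeafPath $SigningCertPath -ExtraPaths $ChainCertPaths
$result | Format-List

if (-not $result.Trusted -and $result.Status -match 'UntrustedRoot') {
    # The chain assembles but ends in a root this workstation does not trust.
    # Installing the Root CA (here assumed to be the last path) resolves it;
    # Group Policy can distribute the same certificate fleet-wide.
    Write-Host 'Root CA is not trusted. Install it into the trusted root store, for example:'
    Write-Host "  Import-Certificate -FilePath '$($ChainCertPaths[-1])' -CertStoreLocation Cert:\LocalMachine\Root"
}
```

A PartialChain status means an intermediate (the Issuing CA) is missing rather than the root, so check which subject is absent from Elements before installing anything.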
To see which assets and/or accounts are assigned to a profile, you must open the profile details window.
To view which assets or accounts are assigned to a partition profile
Note: Changing the appliance time can have unintended consequences for processes running on the appliance. For example, password check and change profiles could be disrupted, and audit log timestamps could be misleading.
TIP: As a best practice, configure an NTP server to eliminate possible time-related issues. For more information, see Time.
To set the time on your appliance