This should be a Certificate Authority (CA) certificate that issues the server SSL certificate presented when a user connects a privileged session via RDP. Each time that an RDP connection is established through Safeguard, an SSL certificate is generated by this CA on-the-fly; therefore, this CA certificate should already be trusted as part of the customer's enterprise PKI. A suggestion would be to use an Intermediate certificate in the same chain that is already trusted by your user's workstations. You must also have the certificate's private key.