IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  IBM Secret Server - RDP Proxy certificate error

    Posted Fri January 08, 2021 08:10 AM
    Hi, 

    In IBM Secret Server i'm enabling RDP proxy for RDP connections. Have a CA sertificate, 

    But when i add in RDP proxy settings to "Valdate remote certificates" = YES  - there is RDP error:

    "This computer cannont connect to remote computer - try connecting again. If the problem continues, contact the ownwer of remote computer or you network administrator"

    In the IBM SS log i have info:

    System.Exception: HRESULT -2146893019 (SEC_E_UNTRUSTED_ROOT) encountered: The certificate chain was issued by an authority that is not trusted. at Thycotic.RDPProxy.SslStream2.ThrowKnownExceptions(Int32 returnCode) at Thycotic.RDPProxy.SslStream2.CompleteHandshake(String hostname, SspiPacket sspiPacket, Boolean validateRemoteCertificate) at Thycotic.RDPProxy.SslStream2.AuthenticateAsClient(String hostname, Boolean validateRemoteCertificate) at Thycotic.RDPProxy.CLI.Session.ProxyConnection.<DoHandshakeAndForward>d__15.MoveNext()

    Maybe someone had a similar error!?

    Regards,




    ------------------------------
    Martins Zeipe
    ------------------------------


  • 2.  RE: IBM Secret Server - RDP Proxy certificate error

    Posted Fri January 08, 2021 09:19 AM
    Hi Martins, 

    If I'm reading the above correctly it sounds like you've added the signer (CA Cert) of the remote certificate to your truststore...is this correct?  If so, it's possible it might be a chained certificated...where there is more than one CA in the chain, in which case you'll need to ensure you trust all of the CAs in the chain.

    ------------------------------
    Grey Thrasher
    IBM
    ------------------------------

    Original Message


  • 3.  RE: IBM Secret Server - RDP Proxy certificate error

    Posted Sun January 10, 2021 02:16 PM
    Thank you Grey! 

    M.

    ------------------------------
    Martins Zeipe
    ------------------------------

    Original Message