
Connecting to the RDP host: Fix the Certificate could not be verified back to the root certificate

Posted on 03/08/2023, 16/08/2023 by Christian
RDP Certificate Issues

The Microsoft Remote App on Mac enables you to connect to a remote Windows PC and control desktops and apps as if you were at the device's console. In this article, we shall discuss the issue “You are connecting to the RDP host: Fix the Certificate could not be verified back to the root certificate”. Please see Change your root password: How to enable and disable the root user on your macOS, and How to fix “Remote Desktop cannot find the computer in the specified network: Verify the computer name and domain that you are trying to connect”. Also see how to change the default RDP port in Windows.

An update from version 10.2.0 enables you to connect via a Remote Desktop Gateway server with an untrusted certificate, but only when you accept the warning prompt. I will show you shortly how to do this. Please see this hyperlink to learn about the latest updates for the Remote Desktop client for macOS.

Why was the error “Certificate could not be verified back to the root certificate” prompted

The warning pop-up that end users see when connecting via RDP is not entirely a bad message. Microsoft wants you to be warned if there is a potential risk of compromise, because attackers using sniffing tools can capture every single keystroke you type into an RDP session, including your login credentials.

Given that most system administrators connect to remote servers with administrative credentials, this could lead to an attacker using a Man-in-the-Middle (MITM) attack. The current versions of the Remote Desktop Client combined with TLS make these attacks more difficult.

The warning appears because the client machine you’re establishing the RDP session from doesn’t have the remote machine’s self-signed certificate in its keychain (on Windows, this is the local Trusted Root CA certificate store).

Please see How to Apply and Enable Automatic Windows Admin Center Update. Also, see How to Fix Git always asking for my Username and Password.

What to do when this warning ‘RDP Certificate could not be verified’ is prompted

When the RDP certificate cannot be verified while connecting from a Mac to a Windows machine, it simply means, as mentioned above, that the Remote Desktop client on the Mac does not trust the certificate presented by the Windows computer.

I will show the graphical steps to add the root certificate of the CA to Mac’s keychain in the next article. You may want to follow these steps, but I will be showing you how to trust the certificate from the RDP Client very shortly.

  • Check the Certificate: First, ensure that the certificate on the Windows machine is valid and trusted. If it is a self-signed certificate or issued by an internal Certificate Authority (CA), you may need to add the root certificate of the CA to the Mac’s keychain.

    To do this, you will have to import the certificate to your Mac. Export the certificate from the Windows PC and transfer it to your Mac. Double-click the certificate file on the Mac, and it should open in the Keychain Access application. Install the certificate in the “System” keychain, which allows it to be used for all users on the Mac.

  • Trust Certificate: After importing the certificate, open the Keychain Access application, find the certificate in the “System” keychain, and double-click it. In the certificate details window, expand the “Trust” section and set “When using this certificate” to “Always Trust.” Close the window, and you might need to enter your Mac’s administrator password to save the changes.

  • Verify Connection: Try connecting again using the Remote Desktop client on your Mac. The certificate should now be trusted, and the connection should proceed without any certificate verification errors.

By following these steps, you can resolve the issue with the RDP certificate not being verified when connecting from your Mac to your Windows PC. Remember to ensure that you trust the certificate source and verify the integrity of the certificate before adding it to your Mac’s keychain.
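The import-and-trust steps above can also be done from Terminal, with the integrity check performed first. This is an added example, not part of the original post: it assumes the certificate was exported to a file and that the expected SHA-256 fingerprint was read on the Windows host itself over a separate channel; the function and file names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): check an exported RDP host
# certificate against a fingerprint read on the Windows host, then trust it.

# Strip any "SHA256 Fingerprint=" prefix, colons and spaces; upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n\r' | tr 'a-f' 'A-F'
}

# Print the SHA-256 fingerprint of a certificate file (PEM first, then DER).
cert_fp() {
    _raw=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    _raw=$(openssl x509 -in "$1" -inform DER -noout -fingerprint -sha256 2>/dev/null) ||
    return 2
    normalize_fp "$_raw"
}

# verify_cert <file> <expected-fingerprint>: 0 match, 1 mismatch, 2 unreadable.
verify_cert() {
    _actual=$(cert_fp "$1") || { echo "cannot read certificate: $1" >&2; return 2; }
    _expected=$(normalize_fp "$2")
    if [ -n "$_expected" ] && [ "$_actual" = "$_expected" ]; then
        return 0
    fi
    echo "fingerprint mismatch for $1" >&2
    echo "  file:     $_actual" >&2
    echo "  expected: $_expected" >&2
    return 1
}

# trust_cert <file> <expected-fingerprint>: import into the System keychain
# and mark as trusted, only after the fingerprint check passes (macOS only).
trust_cert() {
    verify_cert "$1" "$2" || return $?
    sudo security add-trusted-cert -d -r trustRoot \
        -k /Library/Keychains/System.keychain "$1"
}

# Usage: sh trust-rdp-cert.sh rdp-host.cer "AB:CD:..."   (file name is hypothetical)
if [ "$#" -eq 2 ]; then
    trust_cert "$1" "$2"
fi
```

A mismatch means the file on the Mac is not the certificate the Windows host holds, so it should not be added to the keychain until the difference is explained.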

Resolving the “RDP Certificate could not be verified” directly from the Remote Desktop Client

If you see the message “The certificate is not from a trusted certifying authority” in the Certificate error section on the RDP certificate error warning, that means the certificate authority is not trusted.

RDP-Certificate-could-not-be-verified

Note: When you click on Continue, the session will be ended, and the RDP connection will not be established. See the steps below to resolve this issue.

RDP unable to connect with Error code 0x204

Solution – Fix the Certificate could not be verified back to the root certificate

Click on Show Certificate, as displayed in the image below.

RDP-show-certiifcate

Click on the checkbox “Always trust “machine-name” when connecting to your Remote device”.

Always-trust-user-when-connecting-via-RDP

After clicking Continue, Mac will prompt you for your password to update your Mac’s Certificate Trust Settings.

Enter-your-password-to-apply-changes-to-the-certificate-trust-settings

When this is done, you will not be prompted again with the “RDP Certificate could not be verified” warning when you connect to this machine.

RDP-access-is-not-possible

Remove the Certificate from the KeyChain

If for some reason, such as expiration, you wish to delete the stored certificate, navigate to Keychain Access, because the Remote Desktop client is not capable of doing this.

Keychain

Locate the Certificates as shown below.

Keychain Launched

Now, you can simply delete the trusted certificate from the KeyChain.

Delete Certificate

I hope you found this blog post helpful on how to resolve “You are connecting to the RDP host: Fix the Certificate could not be verified back to the root certificate”. Please let me know in the comment section if you have any questions.
