How to ignore the certificate warning on remote desktop connection

Stoimen picture Stoimen · Dec 19, 2013 · Viewed 37.6k times · Source

I am trying to ignore the certificate warning on remote desktop connection - the one in the image:

enter image description here

So far I have found that when I check the "don't ask again" checkbox it is generating registry key over here:

HKCU:\Software\Microsoft\Terminal Server Client\Servers

A new record is generated with the name of the server and key name CertHash that contains a value that is specific for a machine. The key is the same for a machine - if I delete it and check the checkbox the same value is again generated. There is a new value in case I recreate the virtual machine so I think it is something machine specific.

Can someone tell me how is this hash generated so I can populate the key from command line? Adding certificate is not an option and the machines will be frequently regenerated so I need an option to ignore this automatically as I need to connect a user to the machine and run some programs in it.

Answer

gbabu picture gbabu · May 1, 2015

I know this is an old question. But this may help someone who is looking for the same solution.

Method 1

You may over ride the certificate check for ALL RDP connections (use it at your own risk)

Just add a new registry key as below.

reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client" /v "AuthenticationLevelOverride" /t "REG_DWORD" /d 0 /f

Method 2

Considering if you have admin rights on the remote machine, you could actually get the crethash value from the remote machine using the below wmic command. So you could make a small batch file to get this value before you launch the mstsc and add this value in registry. I haven't included the complete batch file but thats the idea.

wmic /node:Testserver /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting get SSLCertificateSHA1Hash