Microsoft Remote Desktop for Mac: Always Trust Certificate
If you use the Microsoft Remote Desktop app in macOS to connect to another Windows PC on your network, you may see an error when you try to connect:
You are connecting to the RDP host [IP address]. The certificate couldn’t be verified back to a root certificate. Your connection may not be secure. Do you want to continue?
Absent another issue, clicking Continue connects you to the remote PC’s desktop, so the aforementioned warning message isn’t a huge issue. However, if you frequently connect to remote PCs on your network, having this warning message pop up each time can quickly become annoying.
Thankfully, you can configure your Mac to always trust your remote PC’s certificate, which will let you connect directly going forward without the appearance of the security warning. Here’s how it works.
Microsoft Remote Desktop Security Caution
First, a word of warning. You’re seeing this message in Microsoft Remote Desktop because the app cannot verify the digital certificate of the computer you’re connecting to. In very simple terms, digital certificates help prove the identity of devices on a network. It’s possible for a malicious user to configure a PC or server to “disguise” it as something else. A valid certificate and key prove that the device you’re connecting to is indeed what you think it is.
In business networks, schools, or any other shared networking environment (including connecting to a remote PC via the Internet), it’s probably not a good idea to blindly trust an unverified certificate, so you should check with your school or business’s IT department before following the steps below. It’s possible for them to correctly configure the certificate on both the remote PC and your Mac so that you won’t see this warning.
If, however, you’re a home or small business user with a controlled network (i.e., no guest or public access) and you just want to connect your Mac to another known PC inside your network, you’ll likely be fine with trusting the certificate in order to dismiss the warning message when connecting.
Always Trust Microsoft Remote Desktop Certificate
To configure your Mac to always trust the certificate of your remote PC, first close any open connections you may have to that PC and then double-click on its entry in the Microsoft Remote Desktop app to reconnect. You’ll see the familiar warning message appear.
Click Show Certificate to view the certificate’s details. Here, find and check the box “Always trust…” (the name and IP address shown will depend on your own local settings; just make sure it’s the correct PC before continuing).
Once the Always trust box is checked, click Continue and then enter your admin password when prompted to approve the change. The Remote Desktop app will then connect to your remote PC as usual. To test your new configuration, disconnect from the remote PC again and then reconnect. This time, you should be connected right away without seeing the certificate warning message.
Deleting a Trusted Certificate
Once you perform the steps above, Microsoft Remote Desktop will continue to connect directly to the remote PC without showing you the warning message, and there’s no way from within the Remote Desktop app to see or manage these certificates. So what do you do if you want to delete a previously trusted certificate?
The answer is Keychain Access, the app and service in macOS that handles security-related items such as saved passwords, secure notes, and, in this case, trusted certificates. You can find Keychain Access in the Applications > Utilities folder, or by searching for it with Spotlight. Either way, launch the app and select Certificates from the Category section of the sidebar on the left side of the window.
Here, you’ll see all of the saved certificates from all apps and services that have configured them, not just Remote Desktop. If you have lots of items in this list, you can use the search box at the top of the window to narrow it down. Just search or browse for the name of your remote PC’s certificate. In our example from earlier, it’s “NAS.”
Once you’ve found the correct certificate, right-click (or Control-click) on its entry and select Delete. Confirm your choice and enter your admin password when prompted. Now, the next time you connect to your remote PC via Microsoft Remote Desktop, you’ll see the certificate verification warning once again.
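To check which certificate was actually trusted in the steps above, the keychain's stored fingerprint can be compared with the SHA-1 thumbprint read on the remote PC itself. The script below is an added example, not part of the original article; it assumes the certificate's keychain label is “NAS” as in the article's example, that you have obtained the thumbprint from the PC by your own means, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): confirm that the certificate macOS
# trusts for an RDP host is the one the PC really presents.

# Normalise a fingerprint: drop colons/whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ' :\t\r\n' | tr 'a-f' 'A-F'
}

# stdin: output of `security find-certificate -a -Z`.
# stdout: SHA-1 hash of each certificate whose label ("labl") equals $1.
sha1_for_label() {
    awk -v want="$1" '
        /^SHA-1 hash: / { sha1 = $3 }
        /"labl"<blob>="/ {
            label = $0
            sub(/^.*"labl"<blob>="/, "", label)
            sub(/"$/, "", label)
            if (label == want) print sha1
        }'
}

# check_trusted_cert LABEL THUMBPRINT  (security output on stdin)
# 0 = every stored cert with that label matches, 1 = mismatch, 2 = none found.
check_trusted_cert() {
    expected=$(normalize_fp "$2")
    found=$(sha1_for_label "$1")
    [ -n "$found" ] || { echo "no certificate labelled $1"; return 2; }
    for fp in $found; do
        [ "$(normalize_fp "$fp")" = "$expected" ] ||
            { echo "mismatch: keychain has $fp"; return 1; }
    done
    echo "match"
}

# Constructed sample of the keychain listing (hashes are made up).
sample_listing() {
    cat <<'EOF'
SHA-256 hash: 00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF
SHA-1 hash: 0123456789ABCDEF0123456789ABCDEF01234567
keychain: "/Users/me/Library/Keychains/login.keychain-db"
attributes:
    "labl"<blob>="NAS"
EOF
}

# On the Mac: security find-certificate -a -Z -c NAS | check_trusted_cert NAS "<thumbprint>"
```

A mismatch means the trusted entry is not the certificate the PC presents, in which case delete it in Keychain Access as described above and re-check before trusting again.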