How to trust the LDMS Remote Control Certificate

Version 11

    Verified Product Versions

    Endpoint Manager 9.5
    Endpoint Manager 9.6
    Endpoint Manager 2016.x
    Endpoint Manager 2017.x



    This document shows how to trust the remote control certificate so that you do not get the security warning when using the new HTML5 Remote Control. We have also attached the certificate that is to be trusted.


    Adding certificates to the Trusted Root Certification Authorities store for a domain


    Domain Admins is the minimum group membership required to complete this procedure.


    To add certificates to the Trusted Root Certification Authorities store for a domain:


    Open Server Manager, and under Features Summary, click Add Features. Select the Group Policy Management check box, click Next, and then click Install.

    After the Installation Results page shows that the installation of the GPMC was successful, click Close.

    Click Start, point to Administrative Tools, and then click Group Policy Management.

    In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy GPO that you want to edit.

    Right-click the Default Domain Policy GPO, and then click Edit.

    In the GPMC, go to Computer Configuration, Windows Settings, Security Settings, and then click Public Key Policies.

    Right-click the Trusted Root Certification Authorities store.

    Click Import and follow the steps in the Certificate Import Wizard to import the certificates.


    NOTE: In EPM 2018.3, the file "rchtml5.cer" still exists in the location mentioned below, but it is a SHA1 certificate. It is recommended to use the "LANDesk_xxxxxxxxxx.cer" file found in \Program Files\LANDesk\Shared Files\keys instead.


    The certificate for LDMS 9.6 and 9.6 SP1 can be found at C:\Program Files\LANDesk\ManagementSuite\rchtml5.cer


    They can be found at this link as well…


    This now has the certs required for 9.5, 9.5 SP1, and 9.5 SP2.


    NOTE: If you would like the FQDN to be shown (e.g. https://MachineName.domain:4343) instead of the short name (e.g. https://MachineName:4343), be sure that the console is using the FQDN for the Core server when you sign in.
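
Before importing a certificate into a domain-wide trusted root store, it is worth confirming what the file actually contains. The following PowerShell is an added example, not part of the original article or the product. It reports the signature algorithm (the SHA1 concern from the note above), the CA flag, expiry and thumbprint for the certificate files the article names. The `C:` drive letter for the keys folder and the function name `Get-CertTrustSummary` are assumptions.

```powershell
# Added example: inspect candidate certificates before importing them into the GPO.
# Assumption: the core server is installed on C: (the article gives no drive
# letter for the keys folder). The LANDesk_*.cer wildcard stands in for the
# per-core file name that the article shows as LANDesk_xxxxxxxxxx.cer.
param(
    [string[]]$CertPath = @(
        'C:\Program Files\LANDesk\ManagementSuite\rchtml5.cer',
        'C:\Program Files\LANDesk\Shared Files\keys\LANDesk_*.cer'
    )
)

function Get-CertTrustSummary {
    param([Parameter(Mandatory)][string]$Path)

    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)

    # Basic Constraints tells us whether this certificate may act as a CA,
    # i.e. whether trusting it as a root also trusts whatever it signs.
    $bc = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] } |
        Select-Object -First 1

    [pscustomobject]@{
        File        = $Path
        Subject     = $cert.Subject
        SelfSigned  = ($cert.Subject -eq $cert.Issuer)
        SigAlg      = $cert.SignatureAlgorithm.FriendlyName
        WeakSha1    = ($cert.SignatureAlgorithm.FriendlyName -match 'sha1')
        IsCA        = [bool]($bc -and $bc.CertificateAuthority)
        Expired     = ($cert.NotAfter -lt (Get-Date))
        NotAfter    = $cert.NotAfter
        Thumbprint  = $cert.Thumbprint
        # True once the certificate is present in this machine's trusted root store.
        InLocalRoot = Test-Path -LiteralPath "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    }
}

# Resolve wildcards, skip files that do not exist on this core, and report.
Get-ChildItem -Path $CertPath -ErrorAction SilentlyContinue |
    ForEach-Object { Get-CertTrustSummary -Path $_.FullName } |
    Format-List
```

Record the thumbprint of the file you import and compare it with the entry shown in the GPO afterwards. Running the script again on a client after `gpupdate /force` should report `InLocalRoot : True` for that certificate.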