LANDESK Workspace Certificate Security Alert

Version 9

    Verified Product Versions

    Endpoint Manager 2016.x


    When opening LANDESK Workspace a Security Alert message appears. If you view and install the Certificate the message still appears each time Workspace is opened.


    security alert.png



    Security Alert


    The identity of this web site or the integrity of this connection cannot be verified.


    The security certificate was issues by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.


    The security certificate date is valid.


    The security certificate has a valid name and matching the name of the page you are trying to view.




    A Self-Signed Certificate needs to be created in IIS for the FQDN of your Core, associated with your Core's Default Web Site, and then pushed to the Client using Group Policy.



    Creating a Self-Signed Certificate


    • Open Internet Information Services (IIS) Manager
    • In the Connections pane select your Core
    • In the Features pane double click Server Certificates

    2015-03-04 16_34_08-RD Tabs 64.jpg

    • In the Server Certificates Actions pane select Create Self-Signed Certificate...

    2015-03-04 08_48_03-RD Tabs 64.jpg

    • Enter the Fully Qualified Domain Name (FQDN) of your Core in the Specify a Friendly name for the Certificate: (

    2015-03-04 16_03_17-RD Tabs 64.jpg

    • Click OK


    Export Certificate to your Group Policy Server


    • In the Server Certificates pane select the certificate you created
    • In the Server Certificates Actions pane select Export...

    2015-03-04 16_41_05-RD Tabs 64.jpg

    • Select the location of your Group Policy server in Export To: and give it a file name
    • Enter a Password: and Confirm Password:
    • Click OK



    Apply Certificate to the Default Web Site on your Core


    • In the Connections pane expand your Core
    • In the Connections pane expand Sites
    • In the Connections pane select Default Web Site
    • In the Actions pane under Edit Site select Bindings...

    2015-03-04 16_09_39-RD Tabs 64.jpg

    • On Site Bindings click Add
    • Under Type: select https
    • In Host Name: type the FQDN of the Core (
    • Under SSL Certificate: select the certificate you created

    2015-03-04 16_17_09-RD Tabs 64.jpg

    • Click Select...
    • Click OK (on Add Site Bindings)
    • Click Close (on Site Bindings)


    Create and Enforce Group Policy for your new Certificate


    • Open Group Policy Management (Start > Run > type gpmc.msc)
    • Expand Forest:
    • Expand Domains
    • Right click your domain
    • Select Create a GPO in this domain, and link it here...

    2015-03-05 08_00_26-Group Policy Management.jpg

    • Name the new GPO and click OK
      • For consistency it can be named the same as your certificate
    • Right Click the new Linked Group Policy Object and click Edit
    • In the Group Policy Management Editor expand
      • Computer Configuration
      • Windows Settings
      • Security Settings
      • Public Key Policies
    • Right click Trusted Root Certification Authorities
    • Select Import

    2015-03-05 08_36_50-Group Policy Management Editor.jpg

    • On the Certificate Import Wizard
      • Click Next > on the first screen
      • Click Browse... to select the exported certificate file and click Next >
      • Enter the password created for this certificate and click Next >
      • Click Next > on the Certificate Store screen
      • Click Finish on the last screen
    • In the Group Policy Management window
      • Right Click the new Linked Group Policy Object and click Enforce



    Apply the new Group Policy on Client Devices