If you are a Mac user and you get the message “Remote Desktop Gateway Server certificate has expired” when you try to connect to a Windows machine or remote network, the issue is an outdated or invalid SSL/TLS certificate on the Remote Desktop Gateway (RDP Gateway) server. The appropriate solution is to renew or replace the expired certificate on the gateway server and ensure that the new certificate is trusted by the Microsoft Remote Desktop client on your Mac. Until this change is made, the Mac client will not connect, preventing remote access.
This article describes the reason for the error, how certificates are used with Remote Desktop Gateway, and provides step-by-step solutions for server administrators and Mac users. By the end you’ll know the underlying cause and have practical ways to permanently fix the problem.
What Is a Remote Desktop Gateway and Why Is the Certificate Important?
A Remote Desktop Gateway (RDP Gateway) is a role for Windows Server that enables you to securely access internal resources over HTTPS. Rather than exposing RDP directly to the internet – an insecure practice – RDP Gateway encrypts RDP traffic using SSL/TLS.
As with a website, RDP Gateway needs a valid SSL certificate to do this safely. If the certificate expires, the Microsoft Remote Desktop client on Mac will refuse the connection because it cannot verify the server’s identity. The Mac client is stricter about SSL/TLS validation than older Windows clients, so a connection to a gateway with an expired certificate almost always fails.
Common Causes of Certificate Expired Error
- Expired SSL Certificate – The RDP Gateway’s certificate has expired.
- Self-Signed Certificate – A self-signed certificate may not be accepted by Macs.
- Untrusted Certificate Authority (CA) – If the certificate was issued by an internal CA that isn’t installed on your Mac, it will be marked as untrusted.
- Incorrect Date/Time – A Mac with an incorrect date/time can cause a valid certificate to appear expired.
- Misconfigured Gateway Settings – If the RDP Gateway still refers to the old certificate after renewal, the connections fail.
The Right Solution – Remote Desktop Gateway Server Certificate Has Expired Mac Not Working?
Here’s how to fix the problem properly.
1. Renew or Replace the Expired Certificate (Server-Side)
If you manage the RDP Gateway, do the following:
- Create or download a new SSL certificate from a trusted CA (e.g. DigiCert, GlobalSign, Let’s Encrypt).
- Make sure the certificate’s common name is the same as the public DNS name of the RDP Gateway (e.g., rdgateway.yourcompany.com).
- Import the new certificate into the Windows Certificate Store under Local Computer > Personal.
- Open RDP Gateway Manager, right-click your server, choose Properties, open the SSL Certificate tab, select Import Certificate, and choose the new one.
- Restart the Remote Desktop Gateway service to apply the change.
2. Verify the Certificate Is Trusted on macOS (Client-Side)
After the server has received the new certificate:
- Download the root and intermediate certificates from the CA that issued them.
- Open Keychain Access on Mac.
- Import the root CA and intermediate certificates into the System keychain.
- Mark them as Always Trust for SSL.
- Restart Microsoft Remote Desktop and try to connect again.
3. Update Microsoft RDP for Mac
Older versions of the client treat certificates differently. Be sure you’re using the latest version from the Mac App Store or Microsoft’s website.
4. Workaround (Not Recommended)
If you need access immediately and can’t renew the certificate right away:
- Open the Microsoft Remote Desktop application.
- Connect to the RDP Gateway.
- When prompted with the expired certificate, click Continue if it’s available.
- This reduces security, so use it only temporarily.
More Troubleshooting for Mac Users
Even after updating the certificate, there are still some Mac users who are having problems. Try the following:
- Clear Old Certificate Cache
Navigate to Keychain Access, find the RDP Gateway server name, remove any old/expired certificates, and re-import the trusted CA certificate.
- Check macOS Date and Time
An incorrect clock can make valid certificates appear expired. Go to System Settings > General > Date & Time and set the time to automatic.
- Check Gateway Settings in Microsoft Remote Desktop
Open the connection properties, and under Gateway, make sure the server name is exactly the same as the one on the SSL certificate. For example, if the certificate is for rdpgateway.company.com, don’t use the IP address or another alias.
Why Certificates Are More Strict On Mac OS Than Windows
Windows clients tend to allow you to override certificate warnings and connect anyway. macOS is more strict about SSL/TLS compliance. This is more secure but can be a pain when you have expired certificates.
The bottom line for IT administrators is: keep RDP Gateway SSL certificates valid for cross-platform compatibility.
Best Practices to Avoid Future Expired Certificate Problems
- Enable Certificate Expiry Warnings – Use monitoring tools (e.g. Nagios, Zabbix, or Windows Task Scheduler monitoring) to warn you before a certificate expires.
- Let’s Encrypt for Auto-Renewal – If you can, configure RDP Gateway with Let’s Encrypt, which offers free certificates that automatically renew every 90 days.
- Centralize Certificate Management – Keep a record of all SSL/TLS certificates and their expiry dates.
- Check Connections from Mac Regularly – Check Mac access as well as Windows clients.
- Update Remote Desktop Clients – The Windows and Mac clients are updated frequently for security and compatibility.
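As an added example (not from the original article or from Microsoft), the Python check below ties the common causes listed earlier to the expiry-warning practice above: it handshakes with the gateway's HTTPS listener, maps OpenSSL's verification error codes to those causes, and reports the days left until expiry. The hostname, the 30-day threshold and the function names are assumptions, and Python validates against its own CA bundle rather than the macOS Keychain.

```python
import socket
import ssl
from datetime import datetime, timezone

# OpenSSL X509 verification codes mapped to the causes listed in this article.
CAUSES = {
    9: "certificate not yet valid (check the client date/time)",
    10: "expired certificate (or client clock set ahead)",
    18: "self-signed certificate",
    19: "untrusted CA (self-signed root in chain is not in the trust store)",
    20: "untrusted CA (issuer is not in the trust store)",
    21: "untrusted CA (gateway is not sending its intermediate certificate)",
    62: "gateway name does not match the certificate",
}

def classify(verify_code):
    """Translate SSLCertVerificationError.verify_code into a likely cause."""
    return CAUSES.get(verify_code, f"other verification failure ({verify_code})")

def days_remaining(not_after, now=None):
    """Days until a getpeercert()-style notAfter string; negative once expired."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    now = now or datetime.now(timezone.utc)
    return (expiry - now).days

def check_gateway(host, port=443, warn_days=30, timeout=10):
    """Handshake with the gateway and return (status, detail)."""
    ctx = ssl.create_default_context()  # full chain, date and hostname validation
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                left = days_remaining(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as err:
        return "FAIL", classify(err.verify_code)
    status = "WARN" if left < warn_days else "OK"
    return status, f"{left} days until expiry"

if __name__ == "__main__":
    # Constructed sample values so the script runs offline.
    sample_now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    print(days_remaining("Jun 15 00:00:00 2025 GMT", sample_now))
    print(classify(10))
    # Assumed hostname; replace with your gateway's public DNS name:
    # print(check_gateway("rdgateway.yourcompany.com"))
```

Scheduled from a monitoring host, a WARN or FAIL result can raise the alert before Mac users start seeing the error.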
Frequently Asked Questions (FAQ)
Q1: Can I permanently bypass the expired certificate error on Mac?
- Not safely. While you can disregard warnings, the safe way is to install a valid SSL certificate.
Q2: Which certificate is recommended for RDP Gateway?
- A publicly trusted SSL certificate from a well-known CA (e.g., DigiCert, Sectigo, Let’s Encrypt). Don’t use self-signed certificates unless it’s a closed internal network.
Q3: Why do I receive the error only on my Mac and not on Windows?
- While Windows might allow you to proceed with a warning, macOS has stricter SSL rules and won’t allow expired certificates to proceed.
Q4: Do I need admin rights on my Mac to fix this?
- Yes, you need to be an admin to import root certificates into the System keychain.
Final Thoughts
When you get the error “Remote Desktop Gateway Server certificate has expired” on a Mac, it means the RDP Gateway’s SSL certificate has expired. The proper solution is not to override the error but to renew or replace the certificate on the gateway and trust it on macOS. By keeping certificates up to date, correctly establishing trust on the Mac, and following best practices, you can avoid downtime and ensure safe remote access.
Remote access is a business imperative in today’s world – don’t let something as small as an expired certificate get in the way of your workflow. Stay ahead of certificate management and your Windows and Mac users will have seamless connections.



