oxident

Reputation: 55

Trust enterprise root CA on WP8.1

In order to avoid manual trusting of every single self-signed certificate I've installed an enterprise CA in our Windows 2012 R2 which is now issuing certificates for various purposes across the domain.

The idea behind it was to simply import that CA's root certificate on client devices, so that every cert issued becomes valid.

This already works extremely well for various workflows like intranet SSL connections or RDP sessions from Windows 7/8 clients (using an RD-Gateway).

But somehow the latter won't work on Windows Phone 8.1:

I've imported the root CA using a .cer file and I can browse any SSL intranet website without warnings. It's also possible to see all RemoteApps on our RD-Gateway using Microsoft's Remote Desktop App. But whenever I'm trying to connect to a remote desktop using the gateway, it throws a certificate error (0x3000005), essentially saying that the certificate isn't trusted.

I've already checked the installed certificates using Microsoft's Certificate app and everything looks fine (CA is listed as valid under the root certificates tab).

The certificate chain looks like this:

MyRootCA
  --> rdgateway.mycompany.com
  --> example1.mycompany.com
  --> example2.mycompany.com

... and I'm going to trust "MyRootCA" only.

Is there anything missing?

Upvotes: 1

Views: 331

Answers (1)

oxident

Reputation: 55

Finally I got it working. I'm not sure about the exact resolution, but I think it may have something to do with the Certificate Revocation List (CRL). Initially, it pointed to our LDAP server only. Then I added the HTTP URL as an alternative source, and now it is working as expected...

Upvotes: 1
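
The answer above suspects the CRL location. As an added example (not part of the original thread), this stdlib-only Python sketch lists the CRL Distribution Point (CDP) URLs in a DER-encoded certificate and reports whether an HTTP source exists besides LDAP. Assumptions: the CDP entries use `fullName` URIs, the extension is located by a simple OID byte search, and the sample URL is constructed.

```python
CDP_OID = bytes.fromhex("0603551d1f")  # DER-encoded OID 2.5.29.31 (cRLDistributionPoints)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def uris(buf, start, end):
    """Collect every [6] uniformResourceIdentifier between start and end."""
    found, pos = [], start
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos)
        if tag == 0x86:  # GeneralName URI (context tag 6, primitive)
            found.append(buf[vs:ve].decode("ascii"))
        elif tag & 0x20:  # constructed element: descend into it
            found.extend(uris(buf, vs, ve))
        pos = ve
    return found

def cdp_urls(der):
    """CDP URLs of a DER cert; simplified: finds the extension by OID byte search."""
    idx = der.find(CDP_OID)
    if idx < 0:
        return []
    tag, vs, ve = read_tlv(der, idx + len(CDP_OID))
    if tag == 0x01:  # optional 'critical' BOOLEAN precedes the value
        tag, vs, ve = read_tlv(der, ve)
    if tag != 0x04:
        raise ValueError("extnValue OCTET STRING not found")
    return uris(der, vs, ve)

def crl_status(urls):
    """Say whether a client without LDAP access still has an HTTP CRL source."""
    if not urls:
        return "no-cdp"
    schemes = sorted({u.split(":", 1)[0].lower() for u in urls})
    return "http-available" if "http" in schemes else "no-http:" + ",".join(schemes)

def sample_ext(*urls):
    """Constructed sample input (not from the page): a bare CDP extension."""
    tlv = lambda tag, val: bytes([tag, len(val)]) + val  # short-form lengths only
    dps = b"".join(tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, u.encode())))) for u in urls)
    return tlv(0x30, CDP_OID + tlv(0x04, tlv(0x30, dps)))
LDAP_ONLY = sample_ext("ldap:///CN=MyRootCA,CN=CDP")  # constructed, shortened URL
```

`crl_status(cdp_urls(LDAP_ONLY))` returns `no-http:ldap`; for a real certificate, pass the bytes of the DER-encoded .cer file to `cdp_urls` instead.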
