Remote Desktop Gateway - Showing Non-Existent SSL Cert for Wrong Domain

I have two domains on Cloudflare: domain1.com and domain2.xyz.

I have remote.domain2.xyz pointing to my Remote Desktop Gateway. There is a RapidSSL certificate for this subdomain and that certificate is loaded into the Remote Desktop Gateway. Proxy for this A record is turned off in Cloudflare.

When I try to access one of my computers via RDP, I receive the following message: This computer can’t verify the identity of the RD gateway “remote.domain2.xyz”. When I view the certificate, it shows a Cloudflare Origin Certificate with dates that do not match any active certificate. Under details, it shows for Subject Alternative Name

DNS Name=*.domain1.com
DNS Name=domain1.com

Under the Certification Path, it shows CloudFlare Origin Certificate and the Certificate Status is “The issuer of this certificate could not be found.”

There is nothing in there regarding domain2.xyz and I am unsure how or why it is making the connection between the domains. I have deleted all certificates in Cloudflare for domain1.com but it is still showing the same certificate for domain1.com.

As far as I understand, the Cloudflare Origin certificate can be used to secure the connection between Cloudflare and your origin server. That certificate would have been installed on the origin side, meaning that requests could very well “bypass” Cloudflare (Proxy status: DNS only) and you can still see a Cloudflare certificate anyway. Are there any other hosts on the same machine as this Remote Desktop Gateway that might cause the wrong certificate to be presented?

Is the DNS entry grey cloud (DNS only) or orange cloud (proxied)?

Do you have different Internal DNS with the same zone as your Cloudflare public facing DNS?

Thank you for the responses. There was a misconfiguration that arose during our troubleshooting to bring the RDG under management of our load balancer. The A records were accidentally pointing to the load balancer instead of our second Internet connection. It was the load balancer that was providing the SSL cert.
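The check that would have pointed at the load balancer straight away is to ask the address behind the gateway's name which certificate it actually presents, and whether that certificate's DNS SANs cover the name. The script below is an added diagnostic, not something posted in this thread; it assumes `openssl` (1.1.1 or newer, for `-ext`) and, optionally, glibc's `getent` for the IP lookup, and keeps `remote.domain2.xyz` as the example name.

```sh
#!/bin/sh
# Added diagnostic (not from the thread): show which certificate a TLS endpoint
# really presents for a name and whether that certificate's DNS SANs cover it.
# Requires openssl 1.1.1+; the IP lookup uses getent (glibc) and is optional.

# Lower-case helper.
lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# san_matches HOST PATTERN: does a DNS SAN (optionally "*.suffix") cover HOST?
# A leading "*" covers exactly one label (RFC 6125 section 6.4.3), so
# "*.domain1.com" covers "www.domain1.com" but not "domain1.com" or "a.b.domain1.com".
san_matches() {
  h=$(lc "$1"); p=$(lc "$2")
  case "$p" in
    \*.*)
      suffix=${p#\*.}
      rest=${h%."$suffix"}
      # suffix really present, wildcard label non-empty, and it is a single label
      [ "$rest" != "$h" ] && [ -n "$rest" ] && [ "${rest#*.}" = "$rest" ] ;;
    *) [ "$h" = "$p" ] ;;
  esac
}

# parse_sans: read "openssl x509 -ext subjectAltName" output on stdin, print one DNS name per line.
parse_sans() { tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:[[:space:]]*//p'; }

# diagnose_host HOST [PORT]: connect with SNI for HOST, print subject/issuer/validity of the
# certificate actually presented, and check its SANs against HOST. Exit 0 on match, 1 on mismatch.
diagnose_host() {
  host=$1; port=${2:-443}
  ip=$(getent ahostsv4 "$host" 2>/dev/null | awk 'NR==1 {print $1}')
  echo "$host resolves to ${ip:-<unresolved>}; connecting to port $port with SNI=$host"
  pem=$(openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 2>/dev/null) || { echo "no certificate received"; return 2; }
  printf '%s\n' "$pem" | openssl x509 -noout -subject -issuer -dates
  sans=$(printf '%s\n' "$pem" | openssl x509 -noout -ext subjectAltName | parse_sans)
  for s in $sans; do
    if san_matches "$host" "$s"; then echo "OK: SAN $s covers $host"; return 0; fi
  done
  echo "MISMATCH: presented SANs ($(printf '%s' "$sans" | tr '\n' ' ')) do not cover $host"
  echo "  the address $host resolves to is answered by a service holding another name's certificate"
  return 1
}

if [ $# -gt 0 ]; then diagnose_host "$@"; fi
```

Run as `sh diag.sh remote.domain2.xyz 443` from outside the network; a MISMATCH line together with an unexpected resolved IP is the fingerprint of exactly the A-record mix-up described in this thread.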
