Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:
Selecting View Certificate, i was going to check the SHA1 Thumbprint:
Issued to: corsair
Issued by: corsair
Valid from: 9/5/2013 to 3/7/2014
Thumbprint (SHA1):e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2
and make sure it matches whats on the server. i connected anyway, then using certmgr.msc, searched for the certificate (i.e. "Issued to corsair"):
There it is, the only one on the machine. But wait, that's not the same key:
The certificate i am presented through RDP is different than the one on the server:
Issued to: corsair
Issued by: corsair
Valid from: 4/6/2013 to 8/7/3012
Thumbprint (SHA1):c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92
Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc.
Assuming i don't have CSIS monitoring my (non-domain) LAN: where can i find the certificate that RDP will present to connecting clients?
Server: Windows Server 2012 Standard
Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, i'm connecting to a server; i also connect to my Windows 7 desktop PC from the Internet - and i want to validate that i am seeing my actual desktop.
Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?
22 Answers
In Windows 10
- Search for
certlm.mscin the Start Menu or using Windows key+R. - Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.
In Windows 7
- Launch
mmc.exe(as an administrator). - 'File' -> 'Add/Remove Snap-in...'.
- Select 'Certificates' in the 'Available Snap-ins' list and click 'Add >'.
- A new window titled 'Certificates Snap-in' appears where you can choose from 'My user account', 'Service account' and 'Computer account'. Choose 'Computer account', click 'Next', then 'Finish' and finally 'OK'.
- Under the 'Console Root' folder you now have 'Certificates (Local Computer)'.
- Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.
You can then save this console view for easy access under 'File' -> 'Save'.
5This is answered here:
It (the Remote Desktop Configuration service) [...] created the certificate. Doing so generates an event log message:
Log Name: System Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager .... Description: A new self signed certificate to be used for Terminal Server authentication on SSL connections was generated. The name on this certificate is servername.domain.com . The SHA1 hash of the certificate is in the event data.
Go to eventvwr.msc, look up events by TerminalServices-RemoteConnectionManager in System and you will get all the different times when the RDP service (re-)created its server key, along with the SHA-1 hash of each key.