Windows – Where is the RDP server certificate stored

certificate, remote desktop, security, windows server 2012

Given the recent issues of Man-in-the-Middle attacks, I actually paid attention to the warning I get when connecting to a server:


Selecting View Certificate, I was going to check the SHA1 Thumbprint:

Issued to: corsair
Issued by: corsair
Valid from: 9/5/2013 to 3/7/2014
Thumbprint (SHA1): e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2

and make sure it matches what's on the server. I connected anyway, then using certmgr.msc, searched for the certificate (i.e. "Issued to corsair"):


There it is, the only one on the machine. But wait, that's not the same key:


The certificate I am presented through RDP is different than the one on the server:

Issued to: corsair
Issued by: corsair
Valid from: 4/6/2013 to 8/7/3012
Thumbprint (SHA1): c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92

Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc.

Assuming I don't have CSIS monitoring my (non-domain) LAN: where can I find the certificate that RDP will present to connecting clients?

Server: Windows Server 2012 Standard

Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, I'm connecting to a server; I also connect to my Windows 7 desktop PC from the Internet – and I want to validate that I am seeing my actual desktop.

Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?

Best Answer

In Windows 10

  1. Search for certlm.msc in the Start Menu or using Windows key+R.
  2. Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.

In Windows 7

  1. Launch mmc.exe (as an administrator).
  2. 'File' -> 'Add/Remove Snap-in...'.
  3. Select 'Certificates' in the 'Available Snap-ins' list and click 'Add >'.
  4. A new window titled 'Certificates Snap-in' appears where you can choose from 'My user account', 'Service account' and 'Computer account'.  Choose 'Computer account', click 'Next', then 'Finish' and finally 'OK'.
  5. Under the 'Console Root' folder you now have 'Certificates (Local Computer)'.
  6. Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.

You can then save this console view for easy access under 'File' -> 'Save'.
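
The same check from an elevated PowerShell prompt on the RDP host, as an added example that is not part of the original question or answer: it lists the local computer's 'Remote Desktop' store and compares each thumbprint with the one the client dialog showed. Assumptions: the `Cert:\LocalMachine\Remote Desktop` path corresponds to the 'Remote Desktop' folder named in the answer, the `Win32_TSGeneralSetting` WMI query is an addition the page does not mention, and `ConvertTo-NormalizedThumbprint` is a hypothetical helper name.

```powershell
# Thumbprint as displayed by the RDP client's "View Certificate" dialog
# (value taken from the question).
$shown = 'c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92'

function ConvertTo-NormalizedThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Keep hex digits only: drops spaces, colons and the invisible U+200E
    # mark that copying from the certificate dialog can prepend.
    $hex = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex digits for SHA-1, got $($hex.Length)"
    }
    $hex
}

$expected = ConvertTo-NormalizedThumbprint $shown

# Certificates in the local computer's 'Remote Desktop' store.
$stored = Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop'

# Thumbprint the RDP-Tcp listener is configured to present (assumed addition).
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"

$stored | ForEach-Object {
    [pscustomobject]@{
        Subject         = $_.Subject
        NotAfter        = $_.NotAfter
        Thumbprint      = $_.Thumbprint
        # -eq on strings is case-insensitive in PowerShell.
        MatchesClient   = ($_.Thumbprint -eq $expected)
        MatchesListener = ($_.Thumbprint -eq $listener.SSLCertificateSHA1Hash)
    }
} | Format-List

if (-not ($stored | Where-Object { $_.Thumbprint -eq $expected })) {
    Write-Warning "No certificate in the Remote Desktop store matches $expected"
}
```

A warning here means the thumbprint shown to the client is not in this host's 'Remote Desktop' store, so the certificate the client saw did not come from that store.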