Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:
Selecting View Certificate, i was going to check the SHA1
Thumbprint:
Issued to: corsair
Issued by: corsair
Valid from: 9/5/2013 to 3/7/2014
Thumbprint (SHA1):e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2
and make sure it matches whats on the server. i connected anyway, then using certmgr.msc
, searched for the certificate (i.e. "Issued to corsair"):
There it is, the only one on the machine. But wait, that's not the same key:
The certificate i am presented through RDP is different than the one on the server:
Issued to: corsair
Issued by: corsair
Valid from: 4/6/2013 to 8/7/3012
Thumbprint (SHA1):c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92
Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc
.
Assuming i don't have CSIS monitoring my (non-domain) LAN: where can i find the certificate that RDP will present to connecting clients?
Server: Windows Server 2012 Standard
Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, i'm connecting to a server; i also connect to my Windows 7 desktop PC from the Internet – and i want to validate that i am seeing my actual desktop.
Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?
Best Answer
In Windows 10
certlm.msc
in the Start Menu or using Windows key+R.In Windows 7
mmc.exe
(as an administrator).You can then save this console view for easy access under 'File' -> 'Save'.