25
8
Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:
Selecting View Certificate, i was going to check the SHA1
Thumbprint:
Issued to: corsair
Issued by: corsair
Valid from: 9/5/2013 to 3/7/2014
Thumbprint (SHA1):e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2
and make sure it matches whats on the server. i connected anyway, then using certmgr.msc
, searched for the certificate (i.e. "Issued to corsair"):
There it is, the only one on the machine. But wait, that's not the same key:
The certificate i am presented through RDP is different than the one on the server:
Issued to: corsair
Issued by: corsair
Valid from: 4/6/2013 to 8/7/3012
Thumbprint (SHA1):c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92
Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc
.
Assuming i don't have CSIS monitoring my (non-domain) LAN: where can i find the certificate that RDP will present to connecting clients?
Server: Windows Server 2012 Standard
Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, i'm connecting to a server; i also connect to my Windows 7 desktop PC from the Internet - and i want to validate that i am seeing my actual desktop.
Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?
1.Are you using a your own domain CA server to create the SSL certificate or are you getting your SSL from a certificate Authority like Verisign? 2. Is the certificate you are showing in image 6mB6G.png from the a client or server? – Sam Stephenson – 2013-10-23T13:31:24.257
1@SamStephenson It's on the server. It's whatever certificate the server decided to create in order to let me remote to it; i didn't create it, ask it to create it, ask anyone else to create it, or have anyone else create it. i RDP to the server and the warning appears. – Ian Boyd – 2013-10-24T12:26:58.343