Where is my RDP server certificate stored?

80,051

Solution 1

In Windows 10

  1. Search for certlm.msc in the Start Menu or using Windows key+R.
  2. Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.

In Windows 7

  1. Launch mmc.exe (as an administrator).
  2. 'File' -> 'Add/Remove Snap-in...'.
  3. Select 'Certificates' in the 'Available Snap-ins' list and click 'Add >'.
  4. A new window titled 'Certificates Snap-in' appears where you can choose from 'My user account', 'Service account' and 'Computer account'.  Choose 'Computer account', click 'Next', then 'Finish' and finally 'OK'.
  5. Under the 'Console Root' folder you now have 'Certificates (Local Computer)'.
  6. Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.

You can then save this console view for easy access under 'File' -> 'Save'.

Solution 2

This is answered here:

It (the Remote Desktop Configuration service) [...] created the certificate. Doing so generates an event log message:

Log Name:     System
Source:       Microsoft-Windows-TerminalServices-RemoteConnectionManager 
....
Description: A new self signed certificate to be used for Terminal Server 
authentication on SSL connections was generated. The name on this certificate
is servername.domain.com . The SHA1 hash of the certificate is in the event
data.

Go to eventvwr.msc, look up events by TerminalServices-RemoteConnectionManager in System and you will get all the different times when the RDP service (re-)created its server key, along with the SHA-1 hash of each key.

Share:
80,051

Related videos on Youtube

Ian Boyd
Author by

Ian Boyd

Updated on September 18, 2022

Comments

  • Ian Boyd
    Ian Boyd over 1 year

    Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:

    enter image description here

    Selecting View Certificate, i was going to check the SHA1 Thumbprint:

    Issued to: corsair
    Issued by: corsair
    Valid from: 9/5/2013 to 3/7/2014
    Thumbprint (SHA1): ‎e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2

    and make sure it matches whats on the server. i connected anyway, then using certmgr.msc, searched for the certificate (i.e. "Issued to corsair"):

    enter image description here

    There it is, the only one on the machine. But wait, that's not the same key:

    enter image description here

    The certificate i am presented through RDP is different than the one on the server:

    Issued to: corsair
    Issued by: corsair
    Valid from: 4/6/2013 to 8/7/3012
    Thumbprint (SHA1): ‎c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92

    Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc.

    Assuming i don't have CSIS monitoring my (non-domain) LAN: where can i find the certificate that RDP will present to connecting clients?

    Server: Windows Server 2012 Standard

    Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, i'm connecting to a server; i also connect to my Windows 7 desktop PC from the Internet - and i want to validate that i am seeing my actual desktop.

    Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?

    • Sam Stephenson
      Sam Stephenson over 10 years
      1.Are you using a your own domain CA server to create the SSL certificate or are you getting your SSL from a certificate Authority like Verisign? 2. Is the certificate you are showing in image 6mB6G.png from the a client or server?
    • Ian Boyd
      Ian Boyd over 10 years
      @SamStephenson It's on the server. It's whatever certificate the server decided to create in order to let me remote to it; i didn't create it, ask it to create it, ask anyone else to create it, or have anyone else create it. i RDP to the server and the warning appears.
  • Ed Norris
    Ed Norris about 10 years
    Odd that Microsoft would hide useful information behind a login, so thanks for sharing that with the rest of us. On my Windows 7 machine, the name you want to filter events by is "TerminalServices-RemoteConnectionManager". If you've already deleted that event log entry, you can always change the machine name to force a new certificate and event log message.
  • Mister_Tom
    Mister_Tom almost 9 years
    The REMOTE DESKTOP folder, I never saw that before! I kept looking in Personal and that's why I couldn't find it. Good catch!
  • Tarulia
    Tarulia over 8 years
    thanks, worked perfectly for me :) Just that the Fingerprint in that Certificate window has 2 digits more at the start... weird~
  • Franklin Yu
    Franklin Yu over 6 years
    Excellent! Didn't notice that certmgr.msc only shows certificates for current user, even if running as administrator.
  • Franklin Yu
    Franklin Yu over 5 years
    Windows 10 seems to come with a shortcut C:\Windows\System32\certlm.msc. Since System32 is in $PATH we can just search certlm.msc in Start Menu.
  • 2072
    2072 over 5 years
    Thanks, I've edited my answer with your solution