Where is my RDP server certificate stored?












20















Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:



enter image description here



Selecting View Certificate, i was going to check the SHA1 Thumbprint:




Issued to: corsair
Issued by: corsair
Valid from: 9/5/2013 to 3/7/2014
Thumbprint (SHA1): ‎e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2




and make sure it matches whats on the server. i connected anyway, then using certmgr.msc, searched for the certificate (i.e. "Issued to corsair"):



enter image description here



There it is, the only one on the machine. But wait, that's not the same key:



enter image description here



The certificate i am presented through RDP is different than the one on the server:




Issued to: corsair
Issued by: corsair
Valid from: 4/6/2013 to 8/7/3012
Thumbprint (SHA1): ‎c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92




Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc.



Assuming i don't have CSIS monitoring my (non-domain) LAN: where can i find the certificate that RDP will present to connecting clients?



Server: Windows Server 2012 Standard



Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, i'm connecting to a server; i also connect to my Windows 7 desktop PC from the Internet - and i want to validate that i am seeing my actual desktop.



Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?






security remote-desktop certificate windows-server-2012







share|improve this question

























  • 1.Are you using a your own domain CA server to create the SSL certificate or are you getting your SSL from a certificate Authority like Verisign? 2. Is the certificate you are showing in image 6mB6G.png from the a client or server?

    – Sam Stephenson
    Oct 23 '13 at 13:31








  • 1





    @SamStephenson It's on the server. It's whatever certificate the server decided to create in order to let me remote to it; i didn't create it, ask it to create it, ask anyone else to create it, or have anyone else create it. i RDP to the server and the warning appears.

    – Ian Boyd
    Oct 24 '13 at 12:26
















20















Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:



enter image description here



Selecting View Certificate, i was going to check the SHA1 Thumbprint:




Issued to: corsair
Issued by: corsair
Valid from: 9/5/2013 to 3/7/2014
Thumbprint (SHA1): ‎e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2




and make sure it matches whats on the server. i connected anyway, then using certmgr.msc, searched for the certificate (i.e. "Issued to corsair"):



enter image description here



There it is, the only one on the machine. But wait, that's not the same key:



enter image description here



The certificate i am presented through RDP is different than the one on the server:




Issued to: corsair
Issued by: corsair
Valid from: 4/6/2013 to 8/7/3012
Thumbprint (SHA1): ‎c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92




Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc.



Assuming i don't have CSIS monitoring my (non-domain) LAN: where can i find the certificate that RDP will present to connecting clients?



Server: Windows Server 2012 Standard



Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, i'm connecting to a server; i also connect to my Windows 7 desktop PC from the Internet - and i want to validate that i am seeing my actual desktop.



Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?






security remote-desktop certificate windows-server-2012







share|improve this question

























  • 1.Are you using a your own domain CA server to create the SSL certificate or are you getting your SSL from a certificate Authority like Verisign? 2. Is the certificate you are showing in image 6mB6G.png from the a client or server?

    – Sam Stephenson
    Oct 23 '13 at 13:31








  • 1





    @SamStephenson It's on the server. It's whatever certificate the server decided to create in order to let me remote to it; i didn't create it, ask it to create it, ask anyone else to create it, or have anyone else create it. i RDP to the server and the warning appears.

    – Ian Boyd
    Oct 24 '13 at 12:26














20












20








20


7






Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:



enter image description here



Selecting View Certificate, i was going to check the SHA1 Thumbprint:




Issued to: corsair
Issued by: corsair
Valid from: 9/5/2013 to 3/7/2014
Thumbprint (SHA1): ‎e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2




and make sure it matches whats on the server. i connected anyway, then using certmgr.msc, searched for the certificate (i.e. "Issued to corsair"):



enter image description here



There it is, the only one on the machine. But wait, that's not the same key:



enter image description here



The certificate i am presented through RDP is different than the one on the server:




Issued to: corsair
Issued by: corsair
Valid from: 4/6/2013 to 8/7/3012
Thumbprint (SHA1): ‎c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92




Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc.



Assuming i don't have CSIS monitoring my (non-domain) LAN: where can i find the certificate that RDP will present to connecting clients?



Server: Windows Server 2012 Standard



Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, i'm connecting to a server; i also connect to my Windows 7 desktop PC from the Internet - and i want to validate that i am seeing my actual desktop.



Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?






security remote-desktop certificate windows-server-2012







share|improve this question
















Given the recent issues of Man-in-the-Middle attacks, i actually paid attention to the warning i get when connecting to a server:



enter image description here



Selecting View Certificate, i was going to check the SHA1 Thumbprint:




Issued to: corsair
Issued by: corsair
Valid from: 9/5/2013 to 3/7/2014
Thumbprint (SHA1): ‎e9 c5 d7 17 95 95 fd ba 09 88 37 d8 9f 49 5e b8 02 ac 2b e2




and make sure it matches whats on the server. i connected anyway, then using certmgr.msc, searched for the certificate (i.e. "Issued to corsair"):



enter image description here



There it is, the only one on the machine. But wait, that's not the same key:



enter image description here



The certificate i am presented through RDP is different than the one on the server:




Issued to: corsair
Issued by: corsair
Valid from: 4/6/2013 to 8/7/3012
Thumbprint (SHA1): ‎c5 b4 12 0d f6 4f b3 e7 a8 59 cd 4d e4 0e cb 5b 18 a1 42 92




Either there already is a Man-in-the-Middle, substituting fake certificates for RDP connections, or the certificate being presented by the RDP server is not visible in certmgr.msc.



Assuming i don't have CSIS monitoring my (non-domain) LAN: where can i find the certificate that RDP will present to connecting clients?



Server: Windows Server 2012 Standard



Note: Also applies to Windows 8. Also could apply to Windows 7, and earlier, and Windows Server 2008 R2, and earlier. Because even though, right now, i'm connecting to a server; i also connect to my Windows 7 desktop PC from the Internet - and i want to validate that i am seeing my actual desktop.



Keywords: How to change my Windows 8 Remote Desktop Connection SSL certificate? How to specify my Remote Desktop certificate?






security remote-desktop certificate windows-server-2012




security remote-desktop certificate windows-server-2012






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Oct 25 '13 at 11:50







Ian Boyd

















asked Sep 9 '13 at 23:38









Ian BoydIan Boyd

12.9k38108158




12.9k38108158













  • 1.Are you using a your own domain CA server to create the SSL certificate or are you getting your SSL from a certificate Authority like Verisign? 2. Is the certificate you are showing in image 6mB6G.png from the a client or server?

    – Sam Stephenson
    Oct 23 '13 at 13:31








  • 1





    @SamStephenson It's on the server. It's whatever certificate the server decided to create in order to let me remote to it; i didn't create it, ask it to create it, ask anyone else to create it, or have anyone else create it. i RDP to the server and the warning appears.

    – Ian Boyd
    Oct 24 '13 at 12:26



















  • 1.Are you using a your own domain CA server to create the SSL certificate or are you getting your SSL from a certificate Authority like Verisign? 2. Is the certificate you are showing in image 6mB6G.png from the a client or server?

    – Sam Stephenson
    Oct 23 '13 at 13:31








  • 1





    @SamStephenson It's on the server. It's whatever certificate the server decided to create in order to let me remote to it; i didn't create it, ask it to create it, ask anyone else to create it, or have anyone else create it. i RDP to the server and the warning appears.

    – Ian Boyd
    Oct 24 '13 at 12:26

















1.Are you using a your own domain CA server to create the SSL certificate or are you getting your SSL from a certificate Authority like Verisign? 2. Is the certificate you are showing in image 6mB6G.png from the a client or server?

– Sam Stephenson
Oct 23 '13 at 13:31







1.Are you using a your own domain CA server to create the SSL certificate or are you getting your SSL from a certificate Authority like Verisign? 2. Is the certificate you are showing in image 6mB6G.png from the a client or server?

– Sam Stephenson
Oct 23 '13 at 13:31






1




1





@SamStephenson It's on the server. It's whatever certificate the server decided to create in order to let me remote to it; i didn't create it, ask it to create it, ask anyone else to create it, or have anyone else create it. i RDP to the server and the warning appears.

– Ian Boyd
Oct 24 '13 at 12:26





@SamStephenson It's on the server. It's whatever certificate the server decided to create in order to let me remote to it; i didn't create it, ask it to create it, ask anyone else to create it, or have anyone else create it. i RDP to the server and the warning appears.

– Ian Boyd
Oct 24 '13 at 12:26










2 Answers
2






active

oldest

votes


















21














In Windows 10:




  • Search for certlm.msc in the start menu or using Windows key + R

  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


In Windows 7:




  • Launch mmc.exe (as an administrator)


  • File -> Add/Remove Snap-in...

  • Select 'Certificates' in the 'Available Snap-ins' list and click 'Add >'

  • A new window titled 'Certificates Snap-in' appears where you can choose between 'My user account', 'Service account' and 'Computer account', choose the later, click 'Next' and then 'Finish' and finally 'OK'.


  • Under the 'Console Root' folder you now have 'Certificates (Local Computer)'


  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


You can then save this console view for easy access under 'File' -> 'Save'.






share|improve this answer


























  • The REMOTE DESKTOP folder, I never saw that before! I kept looking in Personal and that's why I couldn't find it. Good catch!

    – Mister_Tom
    Aug 4 '15 at 17:00











  • thanks, worked perfectly for me :) Just that the Fingerprint in that Certificate window has 2 digits more at the start... weird~

    – Tarulia
    Sep 27 '15 at 13:23











  • Excellent! Didn't notice that certmgr.msc only shows certificates for current user, even if running as administrator.

    – Franklin Yu
    Jan 7 '18 at 21:23






  • 1





    Windows 10 seems to come with a shortcut C:WindowsSystem32certlm.msc. Since System32 is in $PATH we can just search certlm.msc in Start Menu.

    – Franklin Yu
    Dec 22 '18 at 3:53











  • Thanks, I've edited my answer with your solution

    – 2072
    Jan 2 at 1:38



















3














This is answered here:




It (the Remote Desktop Configuration service) [...] created the certificate. Doing so generates an event log message: 



Log Name:     System

Source:       Microsoft-Windows-TerminalServices-RemoteConnectionManager 

....

Description: A new self signed certificate to be used for Terminal Server 

authentication on SSL connections was generated. The name on this certificate

is servername.domain.com . The SHA1 hash of the certificate is in the event

data.



Go to eventvwr.msc, look up events by TerminalServices-RemoteConnectionManager in System and you will get all the different times when the RDP service (re-)created its server key, along with the SHA-1 hash of each key.






share|improve this answer





















  • 1





    Odd that Microsoft would hide useful information behind a login, so thanks for sharing that with the rest of us. On my Windows 7 machine, the name you want to filter events by is "TerminalServices-RemoteConnectionManager". If you've already deleted that event log entry, you can always change the machine name to force a new certificate and event log message.

    – Ed Norris
    Mar 8 '14 at 19:42











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f643139%2fwhere-is-my-rdp-server-certificate-stored%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









21














In Windows 10:




  • Search for certlm.msc in the start menu or using Windows key + R

  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


In Windows 7:




  • Launch mmc.exe (as an administrator)


  • File -> Add/Remove Snap-in...

  • Select 'Certificates' in the 'Available Snap-ins' list and click 'Add >'

  • A new window titled 'Certificates Snap-in' appears where you can choose between 'My user account', 'Service account' and 'Computer account', choose the later, click 'Next' and then 'Finish' and finally 'OK'.


  • Under the 'Console Root' folder you now have 'Certificates (Local Computer)'


  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


You can then save this console view for easy access under 'File' -> 'Save'.






share|improve this answer


























  • The REMOTE DESKTOP folder, I never saw that before! I kept looking in Personal and that's why I couldn't find it. Good catch!

    – Mister_Tom
    Aug 4 '15 at 17:00











  • thanks, worked perfectly for me :) Just that the Fingerprint in that Certificate window has 2 digits more at the start... weird~

    – Tarulia
    Sep 27 '15 at 13:23











  • Excellent! Didn't notice that certmgr.msc only shows certificates for current user, even if running as administrator.

    – Franklin Yu
    Jan 7 '18 at 21:23






  • 1





    Windows 10 seems to come with a shortcut C:WindowsSystem32certlm.msc. Since System32 is in $PATH we can just search certlm.msc in Start Menu.

    – Franklin Yu
    Dec 22 '18 at 3:53











  • Thanks, I've edited my answer with your solution

    – 2072
    Jan 2 at 1:38
















21














In Windows 10:




  • Search for certlm.msc in the start menu or using Windows key + R

  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


In Windows 7:




  • Launch mmc.exe (as an administrator)


  • File -> Add/Remove Snap-in...

  • Select 'Certificates' in the 'Available Snap-ins' list and click 'Add >'

  • A new window titled 'Certificates Snap-in' appears where you can choose between 'My user account', 'Service account' and 'Computer account', choose the later, click 'Next' and then 'Finish' and finally 'OK'.


  • Under the 'Console Root' folder you now have 'Certificates (Local Computer)'


  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


You can then save this console view for easy access under 'File' -> 'Save'.






share|improve this answer


























  • The REMOTE DESKTOP folder, I never saw that before! I kept looking in Personal and that's why I couldn't find it. Good catch!

    – Mister_Tom
    Aug 4 '15 at 17:00











  • thanks, worked perfectly for me :) Just that the Fingerprint in that Certificate window has 2 digits more at the start... weird~

    – Tarulia
    Sep 27 '15 at 13:23











  • Excellent! Didn't notice that certmgr.msc only shows certificates for current user, even if running as administrator.

    – Franklin Yu
    Jan 7 '18 at 21:23






  • 1





    Windows 10 seems to come with a shortcut C:WindowsSystem32certlm.msc. Since System32 is in $PATH we can just search certlm.msc in Start Menu.

    – Franklin Yu
    Dec 22 '18 at 3:53











  • Thanks, I've edited my answer with your solution

    – 2072
    Jan 2 at 1:38














21












21








21







In Windows 10:




  • Search for certlm.msc in the start menu or using Windows key + R

  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


In Windows 7:




  • Launch mmc.exe (as an administrator)


  • File -> Add/Remove Snap-in...

  • Select 'Certificates' in the 'Available Snap-ins' list and click 'Add >'

  • A new window titled 'Certificates Snap-in' appears where you can choose between 'My user account', 'Service account' and 'Computer account', choose the later, click 'Next' and then 'Finish' and finally 'OK'.


  • Under the 'Console Root' folder you now have 'Certificates (Local Computer)'


  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


You can then save this console view for easy access under 'File' -> 'Save'.






share|improve this answer















In Windows 10:




  • Search for certlm.msc in the start menu or using Windows key + R

  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


In Windows 7:




  • Launch mmc.exe (as an administrator)


  • File -> Add/Remove Snap-in...

  • Select 'Certificates' in the 'Available Snap-ins' list and click 'Add >'

  • A new window titled 'Certificates Snap-in' appears where you can choose between 'My user account', 'Service account' and 'Computer account', choose the later, click 'Next' and then 'Finish' and finally 'OK'.


  • Under the 'Console Root' folder you now have 'Certificates (Local Computer)'


  • Click on the 'Remote Desktop' folder and then on 'Certificates'. There you will find the certificate this computer presents to its RDP clients.


You can then save this console view for easy access under 'File' -> 'Save'.







share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 2 at 1:36

























answered Jul 11 '15 at 8:45









20722072

36627




36627













  • The REMOTE DESKTOP folder, I never saw that before! I kept looking in Personal and that's why I couldn't find it. Good catch!

    – Mister_Tom
    Aug 4 '15 at 17:00











  • thanks, worked perfectly for me :) Just that the Fingerprint in that Certificate window has 2 digits more at the start... weird~

    – Tarulia
    Sep 27 '15 at 13:23











  • Excellent! Didn't notice that certmgr.msc only shows certificates for current user, even if running as administrator.

    – Franklin Yu
    Jan 7 '18 at 21:23






  • 1





    Windows 10 seems to come with a shortcut C:WindowsSystem32certlm.msc. Since System32 is in $PATH we can just search certlm.msc in Start Menu.

    – Franklin Yu
    Dec 22 '18 at 3:53











  • Thanks, I've edited my answer with your solution

    – 2072
    Jan 2 at 1:38



















  • The REMOTE DESKTOP folder, I never saw that before! I kept looking in Personal and that's why I couldn't find it. Good catch!

    – Mister_Tom
    Aug 4 '15 at 17:00











  • thanks, worked perfectly for me :) Just that the Fingerprint in that Certificate window has 2 digits more at the start... weird~

    – Tarulia
    Sep 27 '15 at 13:23











  • Excellent! Didn't notice that certmgr.msc only shows certificates for current user, even if running as administrator.

    – Franklin Yu
    Jan 7 '18 at 21:23






  • 1





    Windows 10 seems to come with a shortcut C:WindowsSystem32certlm.msc. Since System32 is in $PATH we can just search certlm.msc in Start Menu.

    – Franklin Yu
    Dec 22 '18 at 3:53











  • Thanks, I've edited my answer with your solution

    – 2072
    Jan 2 at 1:38

















The REMOTE DESKTOP folder, I never saw that before! I kept looking in Personal and that's why I couldn't find it. Good catch!

– Mister_Tom
Aug 4 '15 at 17:00





The REMOTE DESKTOP folder, I never saw that before! I kept looking in Personal and that's why I couldn't find it. Good catch!

– Mister_Tom
Aug 4 '15 at 17:00













thanks, worked perfectly for me :) Just that the Fingerprint in that Certificate window has 2 digits more at the start... weird~

– Tarulia
Sep 27 '15 at 13:23





thanks, worked perfectly for me :) Just that the Fingerprint in that Certificate window has 2 digits more at the start... weird~

– Tarulia
Sep 27 '15 at 13:23













Excellent! Didn't notice that certmgr.msc only shows certificates for current user, even if running as administrator.

– Franklin Yu
Jan 7 '18 at 21:23





Excellent! Didn't notice that certmgr.msc only shows certificates for current user, even if running as administrator.

– Franklin Yu
Jan 7 '18 at 21:23




1




1





Windows 10 seems to come with a shortcut C:WindowsSystem32certlm.msc. Since System32 is in $PATH we can just search certlm.msc in Start Menu.

– Franklin Yu
Dec 22 '18 at 3:53





Windows 10 seems to come with a shortcut C:WindowsSystem32certlm.msc. Since System32 is in $PATH we can just search certlm.msc in Start Menu.

– Franklin Yu
Dec 22 '18 at 3:53













Thanks, I've edited my answer with your solution

– 2072
Jan 2 at 1:38





Thanks, I've edited my answer with your solution

– 2072
Jan 2 at 1:38













3














This is answered here:




It (the Remote Desktop Configuration service) [...] created the certificate. Doing so generates an event log message: 



Log Name:     System

Source:       Microsoft-Windows-TerminalServices-RemoteConnectionManager 

....

Description: A new self signed certificate to be used for Terminal Server 

authentication on SSL connections was generated. The name on this certificate

is servername.domain.com . The SHA1 hash of the certificate is in the event

data.



Go to eventvwr.msc, look up events by TerminalServices-RemoteConnectionManager in System and you will get all the different times when the RDP service (re-)created its server key, along with the SHA-1 hash of each key.






share|improve this answer





















  • 1





    Odd that Microsoft would hide useful information behind a login, so thanks for sharing that with the rest of us. On my Windows 7 machine, the name you want to filter events by is "TerminalServices-RemoteConnectionManager". If you've already deleted that event log entry, you can always change the machine name to force a new certificate and event log message.

    – Ed Norris
    Mar 8 '14 at 19:42
















3














This is answered here:




It (the Remote Desktop Configuration service) [...] created the certificate. Doing so generates an event log message: 



Log Name:     System

Source:       Microsoft-Windows-TerminalServices-RemoteConnectionManager 

....

Description: A new self signed certificate to be used for Terminal Server 

authentication on SSL connections was generated. The name on this certificate

is servername.domain.com . The SHA1 hash of the certificate is in the event

data.



Go to eventvwr.msc, look up events by TerminalServices-RemoteConnectionManager in System and you will get all the different times when the RDP service (re-)created its server key, along with the SHA-1 hash of each key.






share|improve this answer





















  • 1





    Odd that Microsoft would hide useful information behind a login, so thanks for sharing that with the rest of us. On my Windows 7 machine, the name you want to filter events by is "TerminalServices-RemoteConnectionManager". If you've already deleted that event log entry, you can always change the machine name to force a new certificate and event log message.

    – Ed Norris
    Mar 8 '14 at 19:42














3












3








3







This is answered here:




It (the Remote Desktop Configuration service) [...] created the certificate. Doing so generates an event log message: 



Log Name:     System

Source:       Microsoft-Windows-TerminalServices-RemoteConnectionManager 

....

Description: A new self signed certificate to be used for Terminal Server 

authentication on SSL connections was generated. The name on this certificate

is servername.domain.com . The SHA1 hash of the certificate is in the event

data.



Go to eventvwr.msc, look up events by TerminalServices-RemoteConnectionManager in System and you will get all the different times when the RDP service (re-)created its server key, along with the SHA-1 hash of each key.






share|improve this answer















This is answered here:




It (the Remote Desktop Configuration service) [...] created the certificate. Doing so generates an event log message: 



Log Name:     System

Source:       Microsoft-Windows-TerminalServices-RemoteConnectionManager 

....

Description: A new self signed certificate to be used for Terminal Server 

authentication on SSL connections was generated. The name on this certificate

is servername.domain.com . The SHA1 hash of the certificate is in the event

data.



Go to eventvwr.msc, look up events by TerminalServices-RemoteConnectionManager in System and you will get all the different times when the RDP service (re-)created its server key, along with the SHA-1 hash of each key.







share|improve this answer














share|improve this answer



share|improve this answer








edited Mar 14 '14 at 8:48

























answered Jan 15 '14 at 9:36









DanDan

31117




31117








  • 1





    Odd that Microsoft would hide useful information behind a login, so thanks for sharing that with the rest of us. On my Windows 7 machine, the name you want to filter events by is "TerminalServices-RemoteConnectionManager". If you've already deleted that event log entry, you can always change the machine name to force a new certificate and event log message.

    – Ed Norris
    Mar 8 '14 at 19:42














  • 1





    Odd that Microsoft would hide useful information behind a login, so thanks for sharing that with the rest of us. On my Windows 7 machine, the name you want to filter events by is "TerminalServices-RemoteConnectionManager". If you've already deleted that event log entry, you can always change the machine name to force a new certificate and event log message.

    – Ed Norris
    Mar 8 '14 at 19:42








1




1





Odd that Microsoft would hide useful information behind a login, so thanks for sharing that with the rest of us. On my Windows 7 machine, the name you want to filter events by is "TerminalServices-RemoteConnectionManager". If you've already deleted that event log entry, you can always change the machine name to force a new certificate and event log message.

– Ed Norris
Mar 8 '14 at 19:42





Odd that Microsoft would hide useful information behind a login, so thanks for sharing that with the rest of us. On my Windows 7 machine, the name you want to filter events by is "TerminalServices-RemoteConnectionManager". If you've already deleted that event log entry, you can always change the machine name to force a new certificate and event log message.

– Ed Norris
Mar 8 '14 at 19:42


















draft saved

draft discarded




















































Thanks for contributing an answer to Super User!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f643139%2fwhere-is-my-rdp-server-certificate-stored%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-