I have a Windows Server 2012 server that is administered via RDP. Every so often (let's say, once every quarter?!?), I get asked to accept a new certificate. It is not in a Domain and not rolling as a Terminal Server.
I have a route there for which a Man in the Middle Attack is relatively unlikely.
So here are my questions:
- That certificate changes without me being asked, or it being a big patch day. How alarmed should I be?
- What triggers Windows to regenerate this cert? I know it happens on Windows 7 hosts sometimes, but for Servers I thought security would be kind of interesting.
- Can I somehow verify that there's no man in the middle?
In the Remote Desktop Services configuration, you can specify a certificate to use. You can also see the details of the current certificate. Compare the thumbprint on that certificate to the one presented when you connect.
What's probably happening is the certificate is being automatically generated with a short expiration date. If you generate a certificate yourself, you can specify an expiration date.
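The thumbprint comparison described in the answer above can be scripted on the server. This is an added example, not part of the original answer; it assumes PowerShell 3.0 or later in an elevated session, and the parameter name `SeenThumbprint` is hypothetical.

```powershell
param(
    # Thumbprint copied from the client's certificate warning (hypothetical parameter name).
    [string]$SeenThumbprint
)

# TLS settings of the RDP listener, including the SHA-1 hash of the bound certificate.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash.ToUpper()

# Auto-generated certificates sit in the "Remote Desktop" store; one you assigned
# yourself is normally in the machine's Personal ("My") store.
$cert = Get-ChildItem 'Cert:\LocalMachine\Remote Desktop', 'Cert:\LocalMachine\My' `
    -ErrorAction SilentlyContinue |
    Where-Object { $_.Thumbprint -eq $bound } |
    Select-Object -First 1

if (-not $cert) {
    Write-Warning "Listener is bound to $bound, but no such certificate is in the checked stores."
    return
}

# Dates show whether a short-lived, self-signed certificate explains the periodic prompt.
[pscustomobject]@{
    Thumbprint   = $cert.Thumbprint
    SelfSigned   = ($cert.Subject -eq $cert.Issuer)
    NotBefore    = $cert.NotBefore
    NotAfter     = $cert.NotAfter
    LifetimeDays = [int]($cert.NotAfter - $cert.NotBefore).TotalDays
}

if ($SeenThumbprint) {
    # The certificate dialog shows the hash with spaces; keep hex digits only.
    $seen = ($SeenThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($seen -eq $bound) {
        Write-Output 'MATCH: the client was shown the certificate bound to the listener.'
    } else {
        Write-Warning "MISMATCH: client saw $seen, listener is bound to $bound."
    }
}
```

The comparison only means something if the server-side value is read over a path you already trust, such as the local console, rather than over the RDP connection being checked.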