Why would Windows OS RDP thumbprint change?

Posted on 2014-08-15
Last Modified: 2014-08-15
First, I am a Linux admin, so bear with me if I am using the wrong terminology.

We have a Windows 2008R2 server that I routinely have to remote into for some tasks.  I use freerdp from a Linux system to remote to the system.

Recently I received an error when trying to remote to the system that said the fingerprint has changed.  I had an admin log in and confirm that the thumbprint has indeed changed.  

My question is, what would make the thumbprint change?  We have had no reinstalls, no cert updates, etc...
Question by:savone

    Expert Comment

    by:Svet Paperov
    RDP uses SSL to secure its connection. A self-signed RDP SSL certificate expires every 6 months. Windows remote users receive a warning each time a new self-signed RDP SSL certificate is generated and they can choose to accept it or to disconnect.

    If you know a little bit about SSL certificates, you know that the fingerprint corresponds to the public key of such certificate.

    Author Comment

    Is there a way to extend the expiration date beyond 6 months?  And can we use a cert from a CA (verisign?) for RDP SSL connections?

    Accepted Solution

    Yes, if you purchase an SSL certificate from a public CA you won’t get any warnings about the fingerprint because the certificate chain will be trusted by your computer.

    I found Verisign a little bit more expensive than DigiCert (my preferred), Comodo or GoDaddy. But it depends on your requirements.
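
An added example, not part of the original thread: a small Python check for confirming a changed thumbprint when one side reads it from the Windows certificate dialog and the other from a Linux client. It assumes the Windows thumbprint is the SHA-1 hash of the DER-encoded certificate, and `OLD_CERT`, `NEW_CERT` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import ssl

# Display characters that are not part of the hash: spaces (Windows certificate
# dialog), colons (many Linux tools) and the invisible U+200E mark that can be
# copied along from the Windows dialog.
_SEPARATORS = " :\t\u200e"

# Constructed stand-ins for two DER-encoded certificates (not real certificates).
OLD_CERT = b"constructed-old-self-signed-rdp-cert"
NEW_CERT = b"constructed-regenerated-rdp-cert"


def normalize(displayed):
    """Reduce a displayed thumbprint to lowercase hex without separators."""
    cleaned = "".join(ch for ch in displayed if ch not in _SEPARATORS).lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError(f"not a hex thumbprint: {displayed!r}")
    return cleaned


def thumbprint(cert, algorithm="sha1"):
    """Hash the whole DER-encoded certificate; a PEM string is decoded first."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    return hashlib.new(algorithm, der).hexdigest()


def matches_pin(cert, pinned):
    """Check a certificate against a pinned thumbprint in any display form."""
    pin = normalize(pinned)
    # Choose the hash by pin length: 40 hex digits = SHA-1, 64 = SHA-256.
    algorithm = {40: "sha1", 64: "sha256"}.get(len(pin))
    if algorithm is None:
        raise ValueError("pin is neither a SHA-1 nor a SHA-256 thumbprint")
    return hmac.compare_digest(thumbprint(cert, algorithm), pin)


def demo():
    """Pin the old certificate, then test the old and the regenerated one."""
    pin = thumbprint(OLD_CERT)
    windows_style = "\u200e" + " ".join(pin[i:i + 2] for i in range(0, 40, 2)).upper()
    return matches_pin(OLD_CERT, windows_style), matches_pin(NEW_CERT, windows_style)


if __name__ == "__main__":
    print(demo())
```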