Hi,
To mitigate the RDP MitM vulnerability, I wanted to set up SSL for Terminal Services on a Win 2008 R2 server (say, legitserver.domain.com). BUT I've imported a valid certificate* that has a different common name (uselessserver.domain.com, actually issued for a different purpose). I picked that certificate for SSL in tsconfig.msc, set SSL as the security layer, and everything looks fine.
Now, when I want to connect via RDP from an XP workstation, I get a warning that the certificate name does not match the hostname, asking whether I want to continue. That is ok, naturally; that's how I would expect it to be.
HOWEVER:
When I connect from a Win 7 workstation, there's no warning; not a hint that I am trying to connect to a machine that uses a certificate with a different common name than the hostname. I don't think that is correct - what's the point of using SSL then?
So the question: Is it a bug, or a feature? Can this be changed, on either side (server or client)?
*SHA-512, 2048-bit RSA key
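The two checks a practitioner would want here, as an added example that is not part of the original post: on the server, read which certificate the RDP-Tcp listener actually presents (the Win32_TSGeneralSetting WMI class exposes the listener's SecurityLayer and the SHA-1 thumbprint of the bound certificate) and compare its subject CN / SAN DNS names against the machine's FQDN, so a mismatch like uselessserver.domain.com vs. legitserver.domain.com is reported before any client connects; on the client, write an .rdp file whose "authentication level" is set to 1, the mstsc setting that refuses to connect when server authentication fails rather than warning (2) or connecting silently (0). The function names, the hostnames and the output path are assumptions for illustration; the script is meant to run elevated in PowerShell 2.0 or later on a 2008 R2 host, and it does not by itself explain why the poster's Win 7 client showed no warning.

```powershell
# Added example, not from the original post. Assumes Windows Server 2008 R2,
# PowerShell 2.0+, run elevated on the RDP server. Function names are illustrative.

function Get-RdpListenerSetting {
    # Win32_TSGeneralSetting carries SecurityLayer (0 = RDP, 1 = Negotiate, 2 = SSL/TLS),
    # UserAuthenticationRequired (NLA) and SSLCertificateSHA1Hash (bound certificate thumbprint).
    Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
        -Filter "TerminalName='RDP-Tcp'"
}

function Get-CertDnsNames([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    $names = @()
    # Subject Alternative Name (OID 2.5.29.17) DNS entries are what clients match on first.
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        foreach ($entry in ($san.Format($false) -split ',\s*')) {
            if ($entry -match '^DNS Name=(.+)$') { $names += $Matches[1].Trim() }
        }
    }
    # Without a SAN, fall back to the subject CN (the case in the question above).
    if ($names.Count -eq 0) {
        $cn = $Cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        if ($cn) { $names += $cn }
    }
    $names
}

function Test-NameMatch([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -ieq $HostName) { return $true }
        # A wildcard (*.domain.com) matches exactly one leftmost label.
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)   # ".domain.com"
            if ($HostName.Length -gt $suffix.Length -and $HostName.ToLower().EndsWith($suffix.ToLower())) {
                $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
                if (-not $label.Contains('.')) { return $true }
            }
        }
    }
    $false
}

function Test-RdpCertificate {
    $ts   = Get-RdpListenerSetting
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
    $layers = @{ 0 = 'RDP'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }
    $layer  = $layers[[int]$ts.SecurityLayer]

    # The bound certificate lives in LocalMachine\My when imported by the admin, or in the
    # "Remote Desktop" store when it is the auto-generated self-signed one.
    $cert = Get-ChildItem 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $ts.SSLCertificateSHA1Hash } | Select-Object -First 1

    if (-not $cert) {
        throw "No certificate with thumbprint $($ts.SSLCertificateSHA1Hash) found in the machine stores."
    }
    $names = Get-CertDnsNames $cert
    New-Object PSObject -Property @{
        Host          = $fqdn
        SecurityLayer = $layer
        NlaRequired   = [bool]$ts.UserAuthenticationRequired
        Thumbprint    = $cert.Thumbprint
        CertNames     = ($names -join ', ')
        NameMatches   = (Test-NameMatch $fqdn $names)   # $false for the mismatch described above
        NotAfter      = $cert.NotAfter
    }
}

function New-StrictRdpFile([string]$Server, [string]$Path) {
    # Client side: 'authentication level:i:1' = "If server authentication fails, do not connect"
    # (0 = connect and don't warn, 2 = warn). The same policy can be pushed centrally via the
    # "Configure server authentication for client" Group Policy setting.
    @(
        "full address:s:$Server",
        "authentication level:i:1",
        "prompt for credentials:i:1"
    ) | Set-Content -Path $Path -Encoding ASCII
}

# Usage (hostnames and path are assumptions):
Test-RdpCertificate | Format-List
New-StrictRdpFile -Server 'legitserver.domain.com' -Path "$env:USERPROFILE\legitserver.rdp"
```

Run Test-RdpCertificate on the server after changing the listener certificate in tsconfig.msc: NameMatches is $false whenever the certificate's CN/SAN does not cover the host's FQDN, which is the condition the XP client warns about. The .rdp file written by New-StrictRdpFile is the client-side knob the question asks about; open it with mstsc instead of typing the server name, and a failed server-authentication check blocks the connection rather than depending on the client's default of warning.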