I have a site that is hosting a page that mandates a password/token to be entered by a user. The TLS certificate in place has the regular TLS certificate content:
EKU = Client Authentication (220.127.116.11.18.104.22.168.2) Server Authentication (22.214.171.124.126.96.36.199.1)
Why is Qualys flagging my site with the QID:38172?
This is not RDP, this not port 3389 and the TLS certificate is valid.
Do I need to have an EKU that matches RDP requirements?
Is this a false-positive from the scan?
Any help would be much appreciate it.