I have a site that is hosting a page that mandates a password/token to be entered by a user. The TLS certificate in place has the regular TLS certificate content:
EKU = Client Authentication (184.108.40.206.220.127.116.11.2) Server Authentication (18.104.22.168.22.214.171.124.1)
Why is Qualys flagging my site with the QID:38172?
This is not RDP, this not port 3389 and the TLS certificate is valid.
Do I need to have an EKU that matches RDP requirements?
Is this a false-positive from the scan?
Any help would be much appreciate it.