I have a site that is hosting a page that mandates a password/token to be entered by a user. The TLS certificate in place has the regular TLS certificate content:
EKU = Client Authentication (188.8.131.52.184.108.40.206.2) Server Authentication (220.127.116.11.18.104.22.168.1)
Why is Qualys flagging my site with the QID:38172?
This is not RDP, this not port 3389 and the TLS certificate is valid.
Do I need to have an EKU that matches RDP requirements?
Is this a false-positive from the scan?
Any help would be much appreciate it.