Bug 514959

Summary: KRDC / KDE Connect - Remember this certificate not remembered
Product: [Applications] krdc Reporter: 1066340417491710595814572169
Component: RDPAssignee: Urs Wolfer <uwolfer>
Status: REPORTED ---    
Severity: normal CC: ctrlaltca
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description 1066340417491710595814572169 2026-01-23 06:21:31 UTC 
SUMMARY
When connecting to remote device via KRDC from "Virtual Display" / "Use device as an external monitor" in KDE Connect, and it asks every time to verify the certificate.


STEPS TO REPRODUCE
1. Setup KRDC and KDE connect between 2 machines.
2. Connect to remote device.
3. Remember this certificate when prompted.
4. disconnect.
5. reconnect. (new session)
6. It will prompt again "The certificate for this system is unknown", because it does not remember.

OBSERVED RESULT
I click the "Remember this certificate" box. But it doesn't remember because it keeps asking each session. I have taken note of the fingerprint in the details, and it does not change between sessions. 

This is from the same host to the same remote device.

EXPECTED RESULT
It should only ask once, after remembering the first time.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux 
KDE Plasma Version: 6.5.5
KDE Frameworks Version: 6.22.0
Qt Version: 6.10.1
Kernel Version: 6.18.5-arch1-1 (64-bit)
Graphics Platform: Wayland

(both machines are the same)

ADDITIONAL INFORMATION

Something I noticed is the <hash> portion of the rdp connection string seems to change each time I connect. In this format: rdp://<user>:<hash>@<ip>:<port>
And the port also seems to keep changing. Perhaps the port auto-increments if it left a binding behind? I am not sure if the certificate is tied to the port or something, seems unrelated. Just making notes.
Comment 1 Fabio 2026-01-24 22:31:16 UTC 
I'm not sure how the hash/port are created by KDE Connect, but the "remember certificate" feature associates the certificate fingerprint to the full URL. So if the URL is different at each connection, I understand this is not going to work. I'll investigate how KDE connect generates these URLs and how to mitigate the issue if possible.