[
https://issues.apache.org/jira/browse/GUACAMOLE-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17331065#comment-17331065
]
Mike Jumper commented on GUACAMOLE-1332:
----------------------------------------
{quote}
[Documentation] rdp connection : undocumented alternative to "Ignore server
certificate" and .config/freerdp/known_hosts2
{quote}
I think the issue here is not that {{.config/freerdp/}} needs to be documented,
but that we should provide an additional RDP connection parameter for
specifying the certificate/fingerprint/etc. similar to that provided for SSH
via GUACAMOLE-527.
It's a design decision within Guacamole that connection-specific behavior
should be determined by the connection parameters alone, with those parameters
being fed to guacd by the Guacamole protocol from arbitrary sources/processes
that are _opaque_ to guacd. It's this architecture that allows guacd to exist
independently of the concerns of the webapp, and allows the webapp to flexibly
rely on a file, a database, LDAP, or just about anything an extension author
can dream up. Having an option that relies purely on server-side configuration
files to determine connection behavior would go against that.
Guacamole is not specifically intended to use {{.config/freerdp/}} at all. In
fact, if there were an option to avoid the directory entirely, I think we would
jump on that. The way that the FreeRDP library currently depends on
successfully creating that directory, even if nothing is going to be written
there, results in issues like GUACAMOLE-931.
> [Documentation] rdp connection : undocumented alternative to "Ignore server
> certificate" and .config/freerdp/known_hosts2
> -------------------------------------------------------------------------------------------------------------------------
>
> Key: GUACAMOLE-1332
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1332
> Project: Guacamole
> Issue Type: Wish
> Components: guacd
> Environment: Debian buster guacamole 1.3.0
> Reporter: Bastien
> Priority: Minor
> Labels: FreeRDP
> Attachments: guacamole.log
>
>
> Hello,
> I spent the whole day configuring an RDP connection without using "Ignore server
> certificate". I use an xrdp server with a self-signed certificate (the end goal
> is a signed certificate from a PKI). I didn't find how to trust the certificate
> fingerprint. I got "Certificate validation failed". "certificate not trusted,
> aborting."
> I discovered that Guacamole uses freerdp, which is not well documented on the
> subject. I tried to add the pem certificate with {{update-ca-certificates}},
> or in _.config/freerdp/certs_, and got nothing.
> Am I missing some documentation on how to set up a trusted RDP host on
> Guacamole?
> On my Guacamole test server, I installed xfce and Remmina and succeeded in
> connecting to the target. It populated the .config/freerdp/known_hosts2 file,
> and then the Guacamole connection began to work. But it is not an option for the
> production server.
>
> Thank you
--
This message was sent by Atlassian Jira
(v8.3.4#803005)