[
https://issues.apache.org/jira/browse/GUACAMOLE-1332?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17331835#comment-17331835
]
Bastien commented on GUACAMOLE-1332:
------------------------------------
I understand. I don't find documentation on _certificate/fingerprint_ on
upstream project *freerdp*. With some
[tricks|https://gist.github.com/playerla/d6e4ec046029a0e77a0864b116b29016#file-known_hosts2]
I successfully wrote config/freerdp/known_hosts2. I agree it will be better
with RDP connection parameters for finding and specifying the
certificate/fingerprint.
> Add parameter for specifying known RDP server certificate/fingerprint
> ---------------------------------------------------------------------
>
> Key: GUACAMOLE-1332
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1332
> Project: Guacamole
> Issue Type: Wish
> Components: RDP
> Environment: Debian buster guacamole 1.3.0
> Reporter: Bastien
> Priority: Minor
> Attachments: guacamole.log
>
>
> Hello,
> I spend whole day to configure a RDP connection without using "Ignore server
> certificate". I use a xrdp serveur with a self signed certificate (end goal
> is a signed certificate from PKI). I didn't find how to trust the certificate
> fingerprint. I got "Certificate validation failed". "certificate not trusted,
> aborting."
> I discovered that Guacamole use freerdp which is not well documented on the
> subject. I tried to add the pem certificate with {{update-ca-certificates}},
> or in _.config/freerdp/certs_ and get nothing.
> Do I miss some documentation on how to set-up a trusted RDP host on Guacamole
> ?
> On my Guacamole test server, I install xfce and remina, succeed to connect to
> the target. It populates the .config/freerdp/known_hosts2 file, then
> Guacamole connection begin to work. But it is not an option for the
> production server.
>
> Thanks you
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
