Re: Activate TLS/SSL on server

On Tue, Feb 6, 2024 at 11:13 AM Döngi, T. wrote: > Hi all, > > is it possible to enable TLS/SSL encryption for the guacamole server? > > This depends a bit upon where in the connection process you're trying to activate it, but, yes. I suspect you mean for the web page, which

Activate TLS/SSL on server

Hi all, is it possible to enable TLS/SSL encryption for the guacamole server? Mit freundlichen Grüßen Herr Döngi Stadtverwaltung Wiesloch IT-Service Marktstraße 13 D-69168 Wiesloch Persönliche E-Mail: t.doe...@wiesloch.de Abteilungs-E-Mail: e...@wiesloch.de De-Mail: i...@wiesloch.de

After updating to 1.5.4, guacd fails to connect with an "SSL accept failed" error.

Dear Team, I'm using ssl with guacd. After updating guacamole from 1.5.1 to 1.5.4, the following error will be displayed within 1-2 days after startup and connection will not be possible. "Unable to set up SSL/TLS: SSL accept failed" Guacamole client prints the following error

Re: SSL Guacamole

On Fri, Nov 17, 2023 at 12:57 PM Remush wrote: > Oh ok ! Ill try to set up a nginx container proxy passing to the guacamole > with an ssl. > > It will make the traffic https? Or I need to set some certificate in the > guacamole? > You will need to properly configure Ng

Re: SSL Guacamole

Oh ok ! Ill try to set up a nginx container proxy passing to the guacamole with an ssl. It will make the traffic https? Or I need to set some certificate in the guacamole? On Fri, 17 Nov 2023, 19:30 Nick Couchman, wrote: > On Fri, Nov 17, 2023 at 11:02 AM Remush wrote: > >> Oh ok

Re: SSL Guacamole

On Fri, Nov 17, 2023 at 11:02 AM Remush wrote: > Oh okay! But if I use the guacamole image in docker? > > Where is the tomcat setting ? > If you're running Docker, I highly suggest you use a reverse proxy, like Nginx or Apache httpd, rather than trying to modify Tomcat settings inside the

Re: SSL Guacamole

ve to set my certificate >> in the guacd.conf file with the key and also set the ssl feature in the >> guacamole.properties? >> > > No, this does not enable HTTPS - guacd does not provide the HTTP/WebSocket > component of the application. Tomcat provides HTTP and WebSocket, and if >

Re: SSL Guacamole

On Fri, Nov 17, 2023 at 6:43 AM Remush wrote: > Hey there! > > If I want to use my guacamole with HTTPS, do I have to set my certificate > in the guacd.conf file with the key and also set the ssl feature in the > guacamole.properties? > No, this does not enable HTTPS - guac

SSL Guacamole

Hey there! If I want to use my guacamole with HTTPS, do I have to set my certificate in the guacd.conf file with the key and also set the ssl feature in the guacamole.properties? When trying to access guacamole I get ssl_record_too_long

Re: Re: Enable ssl and install digicert

What Victor has suggested is perfectly valid. It is also a popular option to proxy Tomcat behind something like Nginx or Apache httpd, which is very popular, and then configure SSL on the proxy component. The manual has a page on proxy configuration: https://guacamole.apache.org/doc/gug/reverse

RE: Re: Enable ssl and install digicert

t; > > > > Any document (step by step) to enable and install ssl ? > > > > Can you clarify in what context you're referring to enabling and > > installing SSL? > > > > * Between Tomcat and guacd? > > * Between guacd and r

Re: Enable ssl and install digicert

Between web browser clients and Tomcat On Wed, Aug 30, 2023 at 6:14 AM Nick Couchman wrote: > On Wed, Aug 30, 2023 at 7:40 AM Rezk Mekhael > wrote: > > > > Hi , > > > > Any document (step by step) to enable and install ssl ? > > Can you clarify in what

Re: Enable ssl and install digicert

On Wed, Aug 30, 2023 at 7:40 AM Rezk Mekhael wrote: > > Hi , > > Any document (step by step) to enable and install ssl ? Can you clarify in what context you're referring to enabling and installing SSL? * Between Tomcat and guacd? * Between guacd and remote servers? * Between web bro

Enable ssl and install digicert

Hi , Any document (step by step) to enable and install ssl ? Thanks Rezk -- Rezk Mekhael rezk.mekh...@gmail.com c. +1818-599-4181

Re: Guacamole white-screening behind F5 SSL off-loading

f I can catch it doing this--it's an intermittent issue and it >> hasn't caught me--I'll do so. I'm pretty sure our SSL termination isn't >> injecting CSP rules. What else might I check? >> >> Thanks, >> >> John A >> >> On Mon, Feb 20, 2023 at 1:54

Re: Guacamole white-screening behind F5 SSL off-loading

Johnnie W Adams wrote: > Hi, Mike, > > If I can catch it doing this--it's an intermittent issue and it > hasn't caught me--I'll do so. I'm pretty sure our SSL termination isn't > injecting CSP rules. What else might I check? > > Thanks, > > John A > > On Mon

Re: Guacamole white-screening behind F5 SSL off-loading

Hi, Mike, If I can catch it doing this--it's an intermittent issue and it hasn't caught me--I'll do so. I'm pretty sure our SSL termination isn't injecting CSP rules. What else might I check? Thanks, John A On Mon, Feb 20, 2023 at 1:54 PM Michael Jumper wrote: > On Mon, Feb

Re: Guacamole white-screening behind F5 SSL off-loading

On Mon, Feb 20, 2023, 11:48 AM Johnnie W Adams wrote: > Hi, folks, > > We've got our instance of guacamole 1.4.0 behind an F5 i2600, which > does our SSL work for us. We don't have any interest in running SSL on the > application instance itself. We are occasionally getting t

Guacamole white-screening behind F5 SSL off-loading

Hi, folks, We've got our instance of guacamole 1.4.0 behind an F5 i2600, which does our SSL work for us. We don't have any interest in running SSL on the application instance itself. We are occasionally getting the White Screen of Delay as described under "No graphics a

R: How to insert SSL in Dockers guacamole

Hello. This is my solution with guacamole in docker on Debian Linux. I installed Apache Web Server (not in Docker but from packages of the operating system). I enabled these modules: · proxy · proxy_http · proxy_wstunnel · rewrite · ssl Then I

How to insert SSL in Dockers guacamole

Hi We have installed Dockers. Now how to install the SSL purchased from third party, in between. Kindly guide us someone. Thanks and regards

OpenID SSL reverse proxy authentification

. Authentication succeeds but the OpenID login window reappears and I can't access Guacamole. In the Tomcat logs, the issue appears as an SSL authentication failure: [image: image.png] I searched the web a lot but couldn't find the solution. Could you help me by sharing your experience and/or your

RE: [External] Re: SSL LDAP

Subject: [External] Re: SSL LDAP On Tue, Sep 20, 2022 at 2:36 PM Johnson, Nachay [USA] wrote: > > Trying to figure out an SSL issue with ldap. "PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to

Re: SSL LDAP

On Tue, Sep 20, 2022 at 2:36 PM Johnson, Nachay [USA] wrote: > > Trying to figure out an SSL issue with ldap. "PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find > valid certification path to requested target"

SSL LDAP

Trying to figure out an SSL issue with ldap. "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" I added the ldap cert to cacerts, but I still receive this message in my tomcat log.

Re: SSL Handshake to Guacd randomly failing

ig for both guacamole and guacd are bind mounted > to the containers so that the configs are stored externally to the > container, and an external MySQL database stores the data, with > authentication being done externally with an IDP using OIDC extension. > > The odd part is th

Re: Guacamole SSL/MySQL schema changes?

to even disable the > requirement for SSL > No, nothing has changed regarding SSL. The SQL schema has no impact on whether SSL is used, but also has not changed. The SQL schema has actually not changed since 1.0.0. Guacamole: > 19:54:35.187 [http-nio-8080-exec-10] ERROR > o.a.g.s.GuacamoleHTTP

Guacamole SSL/MySQL schema changes?

Hi all, Did something change with Guac? For two weeks (on and off in spare time!) now I've tried to figure out why Guacamole can't connect to Guacd, where it was previously working just fine. I can't seem to even disable the requirement for SSL Guacamole: 19:54:35.187 [http-nio-8080-exec

Re: SSL Handshake to Guacd randomly failing

that the configs are stored externally to the container, and an external MySQL database stores the data, with authentication being done externally with an IDP using OIDC extension. The odd part is that even turning SSL off doesn’t work, and rolling back to known working versions makes no difference. I

Re: SSL Handshake to Guacd randomly failing

alive and acessible remotely via RDP directly. I've also tried removing SSL and it still seems to fail: [http-nio-8080-exec-1] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake guacd[7

SSL Handshake to Guacd randomly failing

RDP directly. I've also tried removing SSL and it still seems to fail:   [http-nio-8080-exec-1] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake guacd[7]: ERROR:    Guacamole protocol violation

SSL Configuration for Guacd

I'm trying to get SSL setup on our guacd server for the first time, but I'm having troubles getting my guacd.conf file to work once I uncomment the lines. [adminserv@cvadguacd-01-dev ~]$ guacd -C /home/adminserv/cvadguacd-01-dev_college_edu_w_chain.cer -K /home/adminserv/nopasswd.server.key

Re: 502 Proxy Error Using SSL and Chrome

sers, Chrome is unable to connect to Guacamole via SSL. Only Chrome is > showing a 502 Proxy Error, other browsers still connect without error. > Chrome's error: > The proxy server received an invalid response from an upstream server. > The proxy server could not handle the request >

502 Proxy Error Using SSL and Chrome

I have been using the same Apache Reverse Proxy settings, as instructed in the Guacamole Manuel, since 2018 with Guacamole version 0.9.14. And things have worked flawlessly. Since the end of 2020, sporadically with different users, Chrome is unable to connect to Guacamole via SSL. Only Chrome

Re: Enabling Guacd SSL

Guacd logs to syslog, Tomcat usually to catalina.out (but later Ubuntu versions log to syslog). I can't comment specifically on implementing ssl, I've never done it, but there is some data on enabling it here: https://guacamole.apache.org/doc/gug/configuring-guacamole.html Also, I don't

Enabling Guacd SSL

I'm trying to enable SSL between my Guacamole tomcat server and the guacd server. I'm getting an error when trying to connect to RDP when the setting is enabled. I'm almost certain it is a certificate issue but I'm not sure where the error would be logged to. Does anyone know where guacd would

Proper SSL/Encryption Setup Other Than for HTTPS?

Guac 1.2.0 Nginx: 1.18.0 Tomcat: 9.0.37 (CentOS/RHEL 8.x) I am not talking about HTTPS in relation to accessing the domain/ip via a browser, this I have setup and working via Nginx. I am asking about: 1) Encrpytion between guac client and guac server (guacd) via the guacd-ssl property

Re: guacd with SSL

Hi Nick. It worked, it was that detail that was missing in Java certs. There are so many details, :-) I'll have to write down all the steps here or set up an updated tutorial. I believe to be safe now, with SSL certified in the three phases of connection: - Tomcat Web User with proxy SSL

Re: guacd with SSL

ven between Tomcat and quacd. > > I put the option in properties: > > guacd-ssl: true > > I restarted tomcat > > I started quacd with the line: > > / usr / local / sbin / guacd -f -C /etc/httpd/certs/remoto-final.pem -K > /etc/pki/tls/certs/remoto-key.pem -L debug &

Re: guacd with SSL

Hi Mike, thanks for your reply. Communication between the web user on tomcat is already done. I was able to configure the reverse proxy in apache without any problems. Now I want to do the configuration even between Tomcat and quacd. I put the option in properties: guacd-ssl: true I restarted

Re: guacd with SSL

First, if you are trying to set up SSL/TLS in front of the web application, this is not the way. This affects only the (internal) communication between Tomcat and guacd. Assuming this is indeed what you're looking for (you are trying to encrypt the internal, non-user-facing communication between

guacd with SSL

I promise it's my last question for today ;-) When I put the certificate settings in guacd, I have in the log: Jul 5 20:00:34 guacd[14248]: Guacamole proxy daemon (guacd) version 1.2.0 started Jul 5 20:00:34 guacd[14248]: Communication will require SSL/TLS. Jul 5 20:00:34 guacd[14248]: Using

Re: Enable SSL in Apache guacamole running under docker using the default guacamole images.

;> Background >> Apache guacamole running under docker using the default guacamole images. >> External Microsoft Azure-managed MySQL database. >> Azure by default requires SSL connections to the managed db service. >> This can be disabled but that is not an option for t

Re: Enable SSL in Apache guacamole running under docker using the default guacamole images.

: > Background > Apache guacamole running under docker using the default guacamole images. > External Microsoft Azure-managed MySQL database. > Azure by default requires SSL connections to the managed db service. > This can be disabled but that is not an option for this environment. >

Enable SSL in Apache guacamole running under docker using the default guacamole images.

Background Apache guacamole running under docker using the default guacamole images. External Microsoft Azure-managed MySQL database. Azure by default requires SSL connections to the managed db service. This can be disabled but that is not an option for this environment. Settings Docker

Re: Help with enabling guacd SSL

Thank you for clarifying, SSL now working between web client and guacd proxy :-) On Mon, 13 Jan 2020 at 11:05, Mike Jumper wrote: > On Mon, Jan 13, 2020, 02:27 Kelvin Middleton > wrote: > >> Thanks for taking the time Mike. >> >> So I figured I'd need to mount in

Re: Help with enabling guacd SSL

On Mon, Jan 13, 2020, 02:27 Kelvin Middleton wrote: > Thanks for taking the time Mike. > > So I figured I'd need to mount in certs and I've successfully done this > for the guacamole tomcat server and my web proxy so no issues with this. > I'd just assumed that the guacd image allowed for more

Re: Help with enabling guacd SSL

el. >> >> $docker ps -a --no-trunc >> "/bin/sh -c '/usr/local/guacamole/sbin/guacd -b 0.0.0.0 -L >> $GUACD_LOG_LEVEL -f'" >> >> Would appreciate any pointers as to the correct way to modify the startup >> of a guacd docker container? >> > >

Re: Help with enabling guacd SSL

guacd -b 0.0.0.0 -L > $GUACD_LOG_LEVEL -f'" > > Would appreciate any pointers as to the correct way to modify the startup > of a guacd docker container? > Enabling SSL for guacd within the container would require bringing the relevant SSL certificate and key into the container, eit

Help with enabling guacd SSL

Hi, I've a working install using Docker on Windows and am wanting to enable encryption between the guacamole tomcat instance and guacd. Reading the manual this seems pretty straightforward if using guacd.conf but from what I can tell the guacd docker image simply luaches the guacd binary at start

Re: SSL Failed

On Wed, Sep 25, 2019 at 5:21 AM Reshef, Chen wrote: > Hi, > > > > Trying to start the guacd with SSL, I get this error > > Starting guacd: guacd[27347]: INFO: Guacamole proxy daemon (guacd) > version 0.9.12-incubating started > > guacd[27347]: DEBUG:Suc

Re: Disable SSL certificate verification with OpenID Connect Authentication

em > below. Could you help to tell how to disable ssl certificate verification? Is > there a “ssl_verify” flag that I can turn off? > > 17:11:56.117 [http-nio-8080-exec-2] DEBUG org.jose4j.http.Get - HTTP GET of > https://119.3.69.8:8443/auth/realms/Supra/protocol/openid-conn

Re: Disable SSL certificate verification with OpenID Connect Authentication

our JWTConsumerBuilder in the > o.a.g.a.o.t.TokenValidationService of the OpenID extension. That worked for > me but may not solve your exact problem. > > -Ryan > > -Original Message- > From: Yang Yang > Sent: Tuesday, July 23, 2019 9:13 AM > To: user@guacamole.apache.or

Re: Disable SSL certificate verification with OpenID Connect Authentication

On Tue, Jul 23, 2019 at 9:13 AM Yang Yang wrote: > Hello, > > I’m testing OpenID Connect Authentication with https on, and got the > problem below. Could you help to tell how to disable ssl certificate > verification? Is there a “ssl_verify” flag that I can turn off? > > 1

RE: Disable SSL certificate verification with OpenID Connect Authentication

--Original Message- From: Yang Yang Sent: Tuesday, July 23, 2019 9:13 AM To: user@guacamole.apache.org Subject: Disable SSL certificate verification with OpenID Connect Authentication Hello, I’m testing OpenID Connect Authentication with https on, and got the problem below. Could you help t

Disable SSL certificate verification with OpenID Connect Authentication

Hello, I’m testing OpenID Connect Authentication with https on, and got the problem below. Could you help to tell how to disable ssl certificate verification? Is there a “ssl_verify” flag that I can turn off? 17:11:56.117 [http-nio-8080-exec-2] DEBUG org.jose4j.http.Get - HTTP GET of https

Re: guacd ssl issues

On Fri, May 3, 2019 at 1:39 PM aturner89 wrote: > Mr. Jumper, > > Yes, that was indeed the issue. Thank you very much for your help and > directing me to post in the correct place. I'm working on a write up now > and > I'll put it up on a gist. Would this be a case where I could submit a pull >

Re: guacd ssl issues

Mr. Jumper, Yes, that was indeed the issue. Thank you very much for your help and directing me to post in the correct place. I'm working on a write up now and I'll put it up on a gist. Would this be a case where I could submit a pull request to possibly add to the guacd documentation? I

Re: guacd ssl issues

On Thu, May 2, 2019 at 9:28 PM Alex Turner wrote: > Hello all! > > I've been trying for few days to setup TLS between the guac client and > guacd but I end up with the following error: > > - guacd[572]: Unable to set up SSL/TLS: SSL accept failed > > I created a se

Re: Connect to VNC server with SSL

So, it could be an issue with the libvncclient or libguac-vnc ? I set the loglevel to ALL for guacd & tomcat but didn't see anything relevant. I saw that x11vnc is using libvncclient v0.9.11 and guacamole was built with 0.9.9 ... Not sure if it is important or no. Maybe I'll try to reinstall

Re: Connect to VNC server with SSL

c-client-vnc, talks to the remote desktop. The various libguac-client-* are loaded by guacd dynamically depending on the protocol needed by a connection. For libguac-client-vnc, the connection to the VNC server leverages libvncclient, and it is that library which would ultimately actually deal with

Re: Connect to VNC server with SSL

On 2019-04-26 11:07, Idhren wrote: > On the Ubuntu workstation: > > openssl ciphers -s | grep DHE >

Re: Connect to VNC server with SSL

report for localhost (127.0.0.1) Host is up (0.66s latency). PORTSTATE SERVICE 443/tcp open https | ssl-enum-ciphers: | SSLv3: No supported ciphers found | TLSv1.0: | ciphers: | TLS_DHE_RSA_WITH_AES_256_CBC_SHA - strong | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - strong

Re: Connect to VNC server with SSL

llman 1024 bits, 0.000s > 24/04/2019 14:51:32 SSL: error:1417A0C1:SSL > routines:tls_post_process_client_hello:no shared cipher Idhren, It looks that the server cannot agree with the client on what cipher to use. Check that you have right certificate for Diffie-Hellman (check issue#2572 <h

Re: Connect to VNC server with SSL

11Connection "$09a97835-6019-42ed-b52a-e21a3bbb7e20" removed. x11vnc Server (-ssl -passwd as option): 24/04/2019 14:51:31 SSL: accept_openssl(OPENSSL_VNC) 24/04/2019 14:51:31 SSL: spawning helper process to handle: 147.210.8.245:56298 24/04/2019 14:51:31 SSL: helper for peerport 562

Re: Connect to VNC server with SSL

hi idhren, you forget to put the output of your log files

Connect to VNC server with SSL

Dear, I'm testing Guacamole (1.0) since a few day on a RHEL 7 server with VNC, SSH & RDP connection. It's been a few day since I'm struggling to encrypt my VNC connection. It works fine without SSL, but I have this errors when I use SSL: Catalina_out: x11vnc logs: This is with def

Docker Mysql8 SSL problem

When running the guacamole docker image linked to a mysql8 docker image, I'm experiencing an error in the logs that says: Fri Feb 08 04:24:15 UTC 2019 WARN: Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6

Gaucamole and SSL inspection

Hello, I was wondering if anyone has used Gaucamole in a client scenario where the client organisation uses SSL inspection. SSL inspection uses a web proxy at the client side to act as a 'man in the middle' and exchange real certificates for certificates generated by the client side user

Re: SSL

The instruction set does mention using your providers ssl either it be comodo or some other certificate provider. In our case we are using ssl2buy which is really comodo. Thank You -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Re: SSL

The directions given for setting up SSL are a good start but uses a self-signed cert instead of a valid cert from say, LetsEncrypt. The suggested guacamole_ssl.conf configuration is also far from secure for many reasons. 1. First your using TLS 1.0 and TLS 1.1. Unless needed for very legacy

Re: SSL

On Wed, Jan 16, 2019 at 4:19 AM sciUser wrote: > I am going to give a complete step-by-step instruction on how to get SSL on > guacamole running on CentOS7 build. I really wish the Guacamole project > would have more instructions like this, it would help so many. > > Thank you f

Re: SSL

I am going to give a complete step-by-step instruction on how to get SSL on guacamole running on CentOS7 build. I really wish the Guacamole project would have more instructions like this, it would help so many. Steps as followed: 1. Login to your CentOS7 using SSH you will need root access

Re: SSL

On Tue, Jan 15, 2019 at 17:54 sciUser wrote: > I looked at the other topics about SSL and they where not to the point. > > If I want to run SSL https://guachere/guacamole do I install it on the > nginx > or tomcat? > Technically you can install SSL/TLS in either place. I

SSL

I looked at the other topics about SSL and they where not to the point. If I want to run SSL https://guachere/guacamole do I install it on the nginx or tomcat? Thank You -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

RE: SSL RDP Download file fails

Hi, I have reconfigured Debian Jessie x86 Guacamole 0.9.13 RELEASE to use nginx to terminate SSL traffic. But dragging and dropping files onto the SharedFolder:downloads folder still fails First drop - it does nothing Second drop - it works. But session gets disconnected. On guacamole

Re: SSL RDP Download file fails

Regarding the non-WebSocket messages: On Mon, Jan 8, 2018 at 1:03 PM, Adrian Owen wrote: > Hi Mike, > > Yes Chrome shows this error: > > The key "target-densitydpi" is not supported. > This is a warning regarding a legacy meta key used to hint to older browsers that

RE: SSL RDP Download file fails

I'll try that and feedback, Cheers, Adrian -Original Message- From: Mike Jumper [mailto:mike.jum...@guac-dev.org] Sent: 08 January 2018 21:15 To: user@guacamole.apache.org Subject: Re: SSL RDP Download file fails Under the assumption that Tomcat has issues with it's HTTPS connector vs

Re: SSL RDP Download file fails

Under the assumption that Tomcat has issues with it's HTTPS connector vs. WebSocket, I'd recommend switching things over to using a reverse proxy like Apache or Nginx for SSL termination. If the problem is the same as the issue referenced in the mailing list thread I mentioned earlier, that should

RE: SSL RDP Download file fails

9F Failed to load resource: the server responded with a status of 404 (Not Found) Adrian From: Mike Jumper [mailto:mike.jum...@guac-dev.org] Sent: 08 January 2018 20:47 To: user@guacamole.apache.org Subject: Re: SSL RDP Download file fails On Mon, Jan 8, 2018 at 12:44 PM, Mike Jumper <mik

Re: SSL RDP Download file fails

On Mon, Jan 8, 2018 at 12:44 PM, Mike Jumper wrote: > Do you see anything in the network tab of your browser's dev tools when > the upload fails? If Tomcat is rejecting the request, the response within > the network tab may reveal the cause. Depending on whether IE