Well darn Basically we have many (15+) servers and many different clients (15+).
We want to allow each one to log in automatically, but have the centralized security of the CA so that only known hosts (signed by the CA) are able to connect instead of just sharing the password file. Also we were hoping to keep our authentication consistent - so just be able to manage certificates instead of certificates and a password file. On Monday, July 22, 2019 at 11:58:41 AM UTC-4, DRC wrote: > > That is not possible, and I don't know of any way to make it possible > without some fairly deep modifications to the VeNCrypt extensions, and > possibly even some deep modifications to the RFB authentication protocol > itself (which would necessitate a new version of that protocol.) > > What are you ultimately trying to achieve with this? > > On 7/22/19 8:00 AM, Andy wrote: > > Is it possible to configure it so that the client and the server can > > authenticate via x509 certificates? > > > > Currently i have it set up so that the Client validates the servers > > cert, and then the server validates the client with a password file. > > What I would like to do would be set the client up with its own cert and > > password signed by the same CA instead of using the password file > > > > *Server * > > /opt/TurboVNC/bin/vncserver -SecurityTypes X509Vnc -x509cert > > /home/csof/ca/certs/localhost.cert.pem -x509key > > /home/csof/ca/certs/localhost.key.pem -rfbauth /home/csof/ca/t.file > > > > * > > * > > *Client * > > /opt/TurboVNC/bin/vncviewer -x509ca /home/csof/ca/certs/CA.cert.pem > > -passwd /home/csof/ca/t.file -loglevel 100 localhost:1 > > > > <what I would like to do> /opt/TurboVNC/bin/vncviewer -x509ca > > /home/csof/ca/certs/CA.cert.pem -x509cert > > /home/csof/ca/certs/client.cert.pem -x509key > > /home/csof/ca/certs/client.key.pem </> > > I would also need to give the vncserver the CA cert too. > > > > Thanks! > -- You received this message because you are subscribed to the Google Groups "TurboVNC User Discussion/Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/turbovnc-users/4c9ae163-ed29-4d43-b5fa-a1af8498e2e8%40googlegroups.com.
