Hello all,

I guess most of us are ignoring certificates with RDP. If you are like me and looked at Microsoft's documentation on how to replace a self-signed certificate, there is a clear trade-off. And so far I am running Guacamole on the same physical host as the virtual machines it interfaces to, but I guess this is a rather atypical scenario. You may also argue that NLA/CredSSP is used after the TLS connection is established and mitigates the risk, but from a privacy POV you at least disclose communication metadata (including the PDU for Hyper-V connections) prior to that, and if you are located in Europe like me, discussions like this trigger data protection impact assessments.

The good news is that FreeRDP now supports supplying known certificate fingerprints, starting with <https://github.com/FreeRDP/FreeRDP/pull/5880>. I am already leveraging that when my software interfaces to wfreerdp via the command line, but with Guacamole I cannot. I would definitely appreciate it if that could be added to Guacamole as well, probably as part of the connection properties.

Thanks & Best Regards,
Joachim
