On Tue, Jun 20, 2023 at 12:01 PM Antoine G. <[email protected]> wrote: > > Hello Guacamole team & users, > > To connect (via RDP) to servers using a self signed cert, Guacamole > exposes the possibility to **ignore the certificate** (I assumed this is > equivalent to the "/cert:ignore" option from xfreerdp. > > Is there any way to use another policy? Like the "/cert:tofu" from > xfreerdp or /cert:fingerprint:xyz?
Currently, no, this is not possible. I think it would be a worthwhile enhancement, though. > > Idea is to tolerate connecting to a self signed server but to make sure > it does not change later on (one way or another but without editing the > OS cert store of the host running guacd). I agree this makes sense, along with the ability to specify a certificate fingerprint. The SSH protocol allows specifying a known_hosts entry (the SSH fingerprint), so this would be a good thing to add on the RDP side. -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
