Re: [TurboVNC-Users] x509 usage

Fri, 21 Oct 2016 18:31:08 -0700 

Try using one of the scripts here:

https://gist.github.com/dcommander/fc608434735026dd8215

to generate a self-signed certificate.  gencert.cn generates a "regular"
certificate, and gencert.san generates a certificate with the "Subject
Alternative Names" extension.  Both should work with TurboVNC 2.1.

Once generated, start the server with:

/opt/TurboVNC/bin/vncserver -x509cert {path_to}/server.crt -x509key
{path_to}/server.key -SecurityTypes x509none

(server.crt and server.key are generated by the aforementioned scripts.)

Then, on your client, start the viewer (start the Java TurboVNC Viewer
if you are using a Windows client), click "Options", then under the
"Security" tab, next to "CA cert", click "Load" and select the
ca_server.crt file that was generated by the aforementioned scripts.
Click "OK" and proceed with the connection.  Note that you will probably
get a warning "X.509 hostname verification failed."  That is expected,
but you can click "Yes", and it should still authenticate successfully
(it's been a while since I looked at this feature, but I think the
warning is because of the self-signed certificate.  I don't think that
warning is generated with a "real" certificate.  I was able to, for
instance, use my existing code signing certificate from Thawte as an
X.509 certificate in TurboVNC.)


On 10/21/16 7:07 PM, QT wrote:
> Dear DRC,
> 
> I'm using Turbovnc server 2.1 (build 20160920).  The connection is
> already tunnel through ssh but just trying out the x509 certificate
> authentication.  I'm not very verse with this authentication method
> yet.  I'm getting a hostname verification failure but can still connect
> if I press yes at the prompt.  What could I be doing wrong?
> 
> Best,
> Quyen

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
TurboVNC-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/turbovnc-users

Reply via email to