On Wed, Apr 8, 2020 at 3:22 AM Joachim Lindenberg <joac...@lindenberg.one> wrote:
> Hello Nick, Mike, > > „Guacamole kind of already supports” – can you please clarify how this is > supposed to work especially in a docker environment? The documentation > lacks anything on exposing a certificate store or how to prepopulate it > with trusted certs. Or am I blind? > > Thanks, Joachim > > > What I mean is, Guacamole's verification of server certificates is just part of the FreeRDP API - so, if you do not check the box to ignore server certificates, FreeRDP (and, thus, Guacamole) will require valid certificates. In order to properly configure this, you need to create a certificate store in the location that the FreeRDP libraries expect so that it can look up those certificates and validate them. In this respect, Guacamole does not given any options for configuring the location of that certificate store nor for adding certificates to the store - that has to be created on the server where guacd runs, in the location where the FreeRDP libraries look. From looking at log files, looks like this should be in the home directory of the user running guacd, under the ".config/freerdp" directory. -Nick