xfreerdp thinks the gateway certificate has changed #1583

Closed
shazarlx opened this Issue Nov 10, 2013 · 1 comment

shazarlx commented Nov 10, 2013

I think xfreerdp is saving the gateway's fingerprint and then gets the fingerprint of the actual server I am connecting to through the gateway. It then thinks that the gateway's certificate has changed. Using /ignore-cert is a workaround.

xfreerdp /g:remote.example.com /v:srv1 /u:srvadmin /p:password
connected to remote.example.com:443
connected to remote.example.com:443
Certificate details:
Subject: O = remote.example.com, OU = Domain Control Validated, CN = remote.example.com
Issuer: C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certificates.godaddy.com/repository, CN = Go Daddy Secure Certification Authority, serialNumber = 12345678
Thumbprint: 26:b7:22:e9:04:12:f8:43:29:e4:25:05:9d:74:f6:9f:af:e5:62:d6
The above X.509 certificate could not be verified, possibly because you do not have the CA certificate in your certificate store, or the certificate has expired. Please look at the documentation on how to create local certificate store for a private CA.
Do you trust the above certificate? (Y/N) y
TS Gateway Connection Success
The host key for remote.example.com has changed
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the host key sent by the remote host is
d3:da:b5:ab:03:4d:d9:11:4c:b5:e9:70:3f:fa:4e:a5:88:c1:e3:e8
Please contact your system administrator.
Add correct host key in /home/william/.config/freerdp/known_hosts to get rid of this message.
Host key for remote.example.com has changed and you have requested strict checking.
Host key verification failed.
tls_connect: certificate not trusted, aborting.
Error: protocol security negotiation or connection failure

@akallabeth akallabeth added the gateway label Jan 8, 2018

@akallabeth akallabeth added this to the 2.0.0 milestone Jul 31, 2018


akallabeth commented Aug 27, 2018

The known_hosts2 format stores <ip|dns>:port, which should already have addressed this.

@akallabeth akallabeth closed this Aug 27, 2018
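
The keying problem discussed in this thread, as an added example that is not part of the issue or of FreeRDP's code: a simplified trust-on-first-use pin store in C, keyed by host only versus by host:port. The store layout, the function names, port 3389 and the fingerprint strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified in-memory trust-on-first-use pin store.
   Not FreeRDP's code and not its known_hosts file format. */
#define MAX_PINS 16
enum pin_result { PIN_NEW, PIN_MATCH, PIN_MISMATCH, PIN_FULL };
struct pin { char key[280]; char fp[64]; };
struct pin_store { struct pin pins[MAX_PINS]; size_t count; int use_port; };

/* Check a presented fingerprint against the pin for this endpoint; pin on first sight.
   use_port == 0 keys by host only; use_port == 1 keys by host:port. */
enum pin_result pin_check(struct pin_store *s, const char *host, int port, const char *fp)
{
    char key[280];
    if (s->use_port)
        snprintf(key, sizeof key, "%s:%d", host, port);
    else
        snprintf(key, sizeof key, "%s", host);
    for (size_t i = 0; i < s->count; i++)
        if (strcmp(s->pins[i].key, key) == 0)
            return strcmp(s->pins[i].fp, fp) == 0 ? PIN_MATCH : PIN_MISMATCH;
    if (s->count == MAX_PINS)
        return PIN_FULL;
    snprintf(s->pins[s->count].key, sizeof s->pins[0].key, "%s", key);
    snprintf(s->pins[s->count].fp, sizeof s->pins[0].fp, "%s", fp);
    s->count++;
    return PIN_NEW;
}

/* Replay the reported session: the gateway's certificate is pinned on 443, then the
   target's certificate is checked under the gateway's name. Port 3389 and both
   fingerprint strings are constructed placeholders. Returns the second check's result. */
enum pin_result replay_gateway_session(int use_port)
{
    struct pin_store s = { .count = 0, .use_port = use_port };
    pin_check(&s, "remote.example.com", 443, "GATEWAY-CERT-FP");
    return pin_check(&s, "remote.example.com", 3389, "TARGET-CERT-FP");
}

int main(void)
{
    printf("host-only key: %d\n", replay_gateway_session(0)); /* PIN_MISMATCH */
    printf("host:port key: %d\n", replay_gateway_session(1)); /* PIN_NEW */
    return 0;
}
```

A changed fingerprint presented on the same host:port still returns PIN_MISMATCH, so the finer key removes the collision without weakening the check.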
