- This topic has 1 reply, 1 voice, and was last updated 11 hours, 59 minutes ago by
.
-
Posts
-
Hi!
I need to update nxd certificate on dozens of servers (ED, SBTS).
Each certificate has to be copied from remote servers to ECS to avoid authentication warnings.
How can I do that in a script after collecting all certificates of remote machines ?
Where on ECS do I have to copy certificates from these remote machines ?
Thanks,
Regards,
Steve.
Hi!
Remote nodes are on VLAN administred by local admins.
They don’t have rights on ECS that has its own dedicated admin.
I’ve analyzed the subject and if I well understand we could use –keyadd to register the public keys of nxd of remote nodes in
/var/NX/nx/.nx/config/authorized.crt on ECS.
* Local admin
Each local admin generates new 4096-bit nxd certificate (nx_host_rsa_key) and its public key (nx_host_rsa_key.crt) for all nodes on his VLAN.
A prefix is added to each key:
cp /usr/NX/etc/keys/host/nx_host_rsa_key.crt <source_hostname>_nx_host_rsa_key.crt
All the keys are sent to ECS admin.
* ECS Admin
For each pub key received :
sudo /etc/NX/nxserver –keyadd <source_hostname>_nx_host_rsa_key.crt
=> this command updates /var/NX/nx/.nx/config/authorized.crt
Q1- Please, could you validate my understanding and this procedure ?
Q2- What about inverse mode connection if nxd certificate is changed on remote node ?
Thanks,
Regards,
Steve.
You must be logged in to reply to this topic. Please login here.