ECS V8: Update nxd certificates

Forum / NoMachine Cloud Server Products / ECS V8: Update nxd certificates

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #53602
    Steve92
    Participant

    Hi!

    I need to update nxd certificate on dozens of servers (ED, SBTS).

    Each certificate has to be copied from remote servers to ECS to avoid authentication warnings.

    How can I do that in a script after collecting all certificates of remote machines ?

    Where on ECS do I have to copy certificates from these remote machines ?

    Thanks,

    Regards,

    Steve.

     

    #53631
    Steve92
    Participant

    Hi!

    Remote nodes are on VLAN administred by local admins.

    They don’t have rights on ECS that has its own dedicated admin.

    I’ve analyzed the subject and if I well understand we could use –keyadd to register the public keys of nxd of remote nodes in

    /var/NX/nx/.nx/config/authorized.crt on ECS.

    * Local admin

    Each local admin generates new 4096-bit nxd certificate (nx_host_rsa_key) and its public key (nx_host_rsa_key.crt) for all nodes on his VLAN.

    A prefix is added to each key:

    cp /usr/NX/etc/keys/host/nx_host_rsa_key.crt <source_hostname>_nx_host_rsa_key.crt

    All the keys are sent to ECS admin.

    * ECS Admin

    For each pub key received :

    sudo /etc/NX/nxserver –keyadd <source_hostname>_nx_host_rsa_key.crt

    => this command updates /var/NX/nx/.nx/config/authorized.crt

     

    Q1- Please, could you validate my understanding and this procedure ?

    Q2- What about inverse mode connection if nxd certificate is changed on remote node ?

     

    Thanks,

    Regards,

    Steve.

     

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic. Please login .