NoMachine admin page issue after load CA certificate

Forum / NoMachine Terminal Server Products / NoMachine admin page issue after load CA certificate

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #29423
    Aubert887
    Participant

    Hello Sirs,

    I can not open the web page admin of NoMachine but the url are certified. So this is what i have done:

    firstly, i have copy the crt file and key file provided by CA for my organisation on /usr/NX/etc/keys/host/ht_host_rsa_key and /usr/etc/keys/host/ht_rsa_key.crt, I use NoMachine Enterprise Terminal Server Evaluation – Version 6.11.2

    after that i have add the certificate for the host which i have install nomachine-enterprise-terminal-server on the directory /var/NX/nxhtd/.nx/config/client.crt. So this is the errors messages.

    Error: Failed to authorize the server certificate.
    26579 26590 15:48:49 392.227 Channel/Channel: WARNING! Runnable DaemonReader failed for FD#12.
    26579 26590 15:48:49 392.244 Channel/Channel: WARNING! Error is 13, ‘Permission denied’.
    26579 26583 15:48:49 392.561 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.
    26579 26583 15:48:49 392.618 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 13, ‘Permission denied’.
    _NXThreadWrite: ERROR! No signaling channel found.
    26579 26579 15:48:49 454.911 DaemonClientApplication/DaemonClientApplication: WARNING! No client running in 0x14adef0.
    Info: Connection from 10.229.132.191 port 39322 closed on Thu Sep 10 15:48:49 2020.
    Info: Handler with pid 26589 terminated on Thu Sep 10 15:48:49 2020.
    Info: Handler started with pid 26677 on Thu Sep 10 15:49:08 2020.
    Info: Handling connection from 10.229.132.191 port 39340 on Thu Sep 10 15:49:08 2020.
    26667 26676 15:49:08 928.703 Encryptor/Encryptable: ERROR! Failed to authorize the server certificate.
    Error: Failed to authorize the server certificate.
    26667 26676 15:49:08 928.870 Channel/Channel: WARNING! Runnable DaemonReader failed for FD#12.
    26667 26676 15:49:08 928.883 Channel/Channel: WARNING! Error is 13, ‘Permission denied’.
    26667 26670 15:49:08 929.109 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.
    26667 26670 15:49:08 929.163 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 13, ‘Permission denied’.
    _NXThreadWrite: ERROR! No signaling channel found.
    26667 26667 15:49:08 995.397 DaemonClientApplication/DaemonClientApplication: WARNING! No client running in 0x14adef0.
    Info: Connection from 10.229.132.191 port 39340 closed on Thu Sep 10 15:49:08 2020.
    Info: Handler with pid 26677 terminated on Thu Sep 10 15:49:08 2020.
    Info: Handler started with pid 27436 on Thu Sep 10 15:53:05 2020.
    Info: Handling connection from 10.229.132.191 port 39688 on Thu Sep 10 15:53:05 2020.
    27425 27434 15:53:05 633.221 Encryptor/Encryptable: ERROR! Failed to authorize the server certificate.
    Error: Failed to authorize the server certificate.
    27425 27434 15:53:05 633.397 Channel/Channel: WARNING! Runnable DaemonReader failed for FD#12.
    27425 27434 15:53:05 633.414 Channel/Channel: WARNING! Error is 13, ‘Permission denied’.
    27425 27428 15:53:05 633.672 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.
    27425 27428 15:53:05 633.723 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 13, ‘Permission denied’.
    _NXThreadWrite: ERROR! No signaling channel found.
    27425 27425 15:53:05 694.617 DaemonClientApplication/DaemonClientApplication: WARNING! No client running in 0x14adef0.
    Info: Connection from 10.229.132.191 port 39688 closed on Thu Sep 10 15:53:05 2020.
    Info: Handler with pid 27436 terminated on Thu Sep 10 15:53:05 2020.
    Info: Handler started with pid 27493 on Thu Sep 10 15:53:08 2020.
    Info: Handling connection from 10.229.132.191 port 39696 on Thu Sep 10 15:53:08 2020.
    27484 27494 15:53:08 163.403 Encryptor/Encryptable: ERROR! Failed to authorize the server certificate.
    Error: Failed to authorize the server certificate.
    27484 27494 15:53:08 163.584 Channel/Channel: WARNING! Runnable DaemonReader failed for FD#12.
    27484 27494 15:53:08 163.603 Channel/Channel: WARNING! Error is 13, ‘Permission denied’.
    27484 27487 15:53:08 163.946 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.
    27484 27487 15:53:08 164.032 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 13, ‘Permission denied’.
    _NXThreadWrite: ERROR! No signaling channel found.
    27484 27484 15:53:08 210.302 DaemonClientApplication/DaemonClientApplication: WARNING! No client running in 0x14adef0.
    Info: Connection from 10.229.132.191 port 39696 closed on Thu Sep 10 15:53:08 2020.
    Info: Handler with pid 27493 terminated on Thu Sep 10 15:53:08 2020.
    Info: Handler started with pid 27604 on Thu Sep 10 15:53:55 2020.
    Info: Handling connection from 10.229.132.191 port 39730 on Thu Sep 10 15:53:55 2020.
    27595 27605 15:53:55 901.765 Encryptor/Encryptable: ERROR! Failed to authorize the server certificate.
    Error: Failed to authorize the server certificate.
    27595 27605 15:53:55 901.909 Channel/Channel: WARNING! Runnable DaemonReader failed for FD#12.
    27595 27605 15:53:55 901.921 Channel/Channel: WARNING! Error is 13, ‘Permission denied’.
    27595 27598 15:53:55 902.358 DaemonClientApplication/DaemonClientApplication: WARNING! Session terminated abnormally.
    27595 27598 15:53:55 902.423 DaemonClientApplication/DaemonClientApplication: WARNING! Error is 13, ‘Permission denied’.
    _NXThreadWrite: ERROR! No signaling channel found.

    in addition, i have modified htd.cfg file like this

     

    RewriteEngine On
    ReWriteCond %{SERVER_PORT} !^4443$
    RewriteRule ^/(.*) https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxx:4443/nxwebplayer [R,L]

    <VirtualHost xxxxxxxxxxxxxxxxxxxxxx:4443>

    ServerAdmin you@example.com
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/?nxwebplayer$ [NC]
    RewriteCond %{REQUEST_URI} !^/?(event|eventinit)$
    RewriteCond %{REQUEST_URI} !^/?nxplayer/(js|images|style|languages)/.*$
    RewriteCond %{REQUEST_URI} !^/?favicon.ico$
    RewriteCond %{REQUEST_URI} !^/?$
    RewriteRule ^(.*)$ – [F,L]

    SSLEngine on

    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

    #server certificate:
    SSLCertificateFile “/usr/NX/etc/keys/host/ht_host_rsa_key.crt”

    #private server key:
    SSLCertificateKeyFile “/usr/NX/etc/keys/host/ht_host_rsa_key”

    #server certificate chain:
    #SSLCertificateChainFile “/usr/NX/etc/nomachine-CA.crt”

    #Certificate Authority (CA):
    #SSLCACertificateFile “/usr/NX/etc/nomachine-CA.crt”

    SSLCipherSuite ALL:!ADH:!EXPORT56:!3DES:+HIGH:+MEDIUM:!RC4:!IDEA-CBC-SHA

    SetEnvIf User-Agent “.*MSIE.*” \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
    </VirtualHost>

     

    Do you have a solution?

     

    Cordially

    Aubert

    #29453
    fisherman
    Moderator

    Based on your information and the error you got we assume that you had overwrite client certificate that is not related to NoMachine Web access.

    please execute following commands as root user

    echo "Host:localhost" > /var/NX/nxhtd/.nx/config/client.crt
    cat /usr/NX/etc/keys/host/nx_host_rsa_key.crt >> /var/NX/nxhtd/.nx/config/client.crt
    echo "Host:127.0.0.1" >> /var/NX/nxhtd/.nx/config/client.crt
    cat /usr/NX/etc/keys/host/nx_host_rsa_key.crt >> /var/NX/nxhtd/.nx/config/client.crt
    chown nxhtd:nxhtd /var/NX/nxhtd/.nx/config/client.crt
    chmod 600 /var/NX/nxhtd/.nx/config/client.crt

    For more details you can check using these articles
    https://www.nomachine.com/DT03O00127#2
    https://www.nomachine.com/AR05P00980

    #29461
    Aubert887
    Participant

    Thanks Sirs. It’s worked 🙂

     

Viewing 3 posts - 1 through 3 (of 3 total)

This topic was marked as solved, you can't post.