- This topic has 5 replies, 2 voices, and was last updated 2 years, 8 months ago by ConfGen.
-
AuthorPosts
-
August 17, 2021 at 12:44 pm #106048
Hi,
Server: Windows server 2019ThinClient: DellWyse ThinOS 8.1.027
I am facing an issue related to FTP connection with SSL (FTPS).
So, what I did is at first I tried to connect through FTP and do RDP connection – it works.
The next thing I’ve done is I generated a certificate using the IIS manager.
I found it in Microsoft Management Console (MMS) and exported it at first to .pfx and then to .cer.
I’ve uploaded the first one to ThinClient using FTP – I get information that the certificate is installed and when I chose “Require SSL” on IIS manager on Windows Server and restarts Thinclient it cannot access the system profile, so it seems it cannot connect through FTP.
The same story is with second certificate.
My wnos.ini file for .pfx certificate:
Language=Us
Screen=1 Resolution=DDC
signOn=no
autoLoad=1
maxvncd=5
vncpassword=ThinCli3nt
vncprompt=0 accept=5
AddCertificate=testcertificate.pfx\
Password=123
privilage = low
include=$ip.ini
My wnos.ini file for .cer
Language=Us
Screen=1 Resolution=DDC
signOn=no
autoLoad=1
maxvncd=5
vncpassword=ThinCli3nt
vncprompt=0 accept=5
AddCertificate=dercertificate.cer
privilage = low
include=$ip.ini
August 17, 2021 at 1:41 pm #106049FTPS is not supported.
If you want to use SSL then go with https.CG
August 18, 2021 at 9:28 am #106064Thanks a lot, I was fighting with that for 3 days already. It is good to know it is not possible.
I will try with https.Do you know if SFTP (SSH) is possible?
August 18, 2021 at 3:07 pm #106073No, only ftp, http and https.
CG
August 19, 2021 at 1:21 pm #106083Thank you, for your answers.
I have another question.
I’ve generated a certificate on my server, exported it, added it to Trusted Certificates in MMC, transfered to ThinClient.
I couldn’t use option “SecurityPolicy”, so I upgraded my ThinOS and now it is possible.
I’ve set this option to “warning” and here I see the issue.
When I try to access system profile through https://servername…. ThinClient shows me a warning:
“Failed to connect to the Connection Server[192.168.160.31]
The server provided a certificate that is invalid.
Click Continue to proceed(not recommended)
Click Cancel to stop communication with the server
See below for more details:
-The certificate authority is invalid or incorrect.
-The host name in the certificate is invalid or does not match.”
My certificate host name matches the host name so it seems the certificate authority is invalid or incorrect.
My question is: does it mean the connection will not be encrypted? If yes, what can I do without internet access to the thin client and without issuing for a certificate to official CA? The thinclient is just for internal use and internal network only.
I’ve read what I did it is called “self-signed” certificate.
Maybe the connection to file server through https will be encrypted when I click “Continue” on described warning, then I could just set SecurityPolicy to “low”.
Important thing for me is that it will be secure connection through https.
ThinOS version 8.6.412
wnos.ini:
Language=us
Screen=1 Resolution=DDC
SecurityPolicy=warning
signOn=no
autoLoad=1
maxvncd=5
vncpassword=testpassword
vncprompt=0 accept=5
privilege = low
include=$ip.ini
August 20, 2021 at 2:57 pm #106096If everything is purely internal, stay with ftp. Using certificates correctly would require your own CA or official certificates.
You can add
SignOn=no EnableMessage=no
to your wnos.ini to get rid of the “ftp unsecure” warning.CG
-
AuthorPosts
- You must be logged in to reply to this topic.