Before I start tinkering...is there a supported method for changing the selected cert for both Royal Server and the Secure Gateway via CLI? Or for simply updating which cert RS uses without manual intervention? If not, it looks like I could potentially achieve this using PowerShell by updating the thumbprint listed in the appsettings.json file and then restarting the service. Is that accurate?
Use case: I use LE certs for anything Internet facing on my network and it's really annoying to have to set a reminder to change the cert.
Best Answer
H
Hans Docsek
said
about 2 years ago
There is no dedicated CLI command to do this, but you can easily achieve it by simply assigning the certificates' thumbprints in appsettings.json.
For the Management Module update the key `CertThumbPrint`
For Secure Gateway update the key `GatewayFingerprint` in the section `SecureGateway`. Note, that the Secure Gateway component requires the certificate key to be marked exportable as it is used to prove ownership of the corresponding private key to the client in order to verify the identity of the server.
There is no dedicated CLI command to do this, but you can easily achieve it by simply assigning the certificates' thumbprints in appsettings.json.
For the Management Module update the key `CertThumbPrint`
For Secure Gateway update the key `GatewayFingerprint` in the section `SecureGateway`. Note, that the Secure Gateway component requires the certificate key to be marked exportable as it is used to prove ownership of the corresponding private key to the client in order to verify the identity of the server.
I hope this helps,
Hans
1 person likes this
D
D Griffin
said
about 2 years ago
Thank you Hans!
This also explains another issue that I was having with the Secure Gateway module and certs.
D Griffin
There is no dedicated CLI command to do this, but you can easily achieve it by simply assigning the certificates' thumbprints in appsettings.json.
Note, that the Secure Gateway component requires the certificate key to be marked exportable as it is used to prove ownership of the corresponding private key to the client in order to verify the identity of the server.
I hope this helps,
Hans
- Oldest First
- Popular
- Newest First
Sorted by Oldest FirstHans Docsek
There is no dedicated CLI command to do this, but you can easily achieve it by simply assigning the certificates' thumbprints in appsettings.json.
Note, that the Secure Gateway component requires the certificate key to be marked exportable as it is used to prove ownership of the corresponding private key to the client in order to verify the identity of the server.
I hope this helps,
Hans
1 person likes this
D Griffin
Thank you Hans!
This also explains another issue that I was having with the Secure Gateway module and certs.
-
About this Forum
-
Use Royal Server as RD Gateway
-
Secure Gateway through Firewall
-
Where i can download new beta of Royal Server?)
-
Licensing
-
Pulling Events from Server - Calling up "Details" of the listed Evets possible?
-
MFA Usage
-
Use of "Royal Server Administrators" group and other questions
-
Royal Server, shared document, and individual credentials
-
Royal Server on Windows Core edition
See all 23 topics