You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Maxime De Cuypere <je...@gmail.com> on 2016/10/20 21:09:47 UTC

TLS between Guacd and Tomcat throwing error

Hi everyone

I've been trying for few days to setup TLS between the client and the
server butI end up with the following error :

Oct 20 23:06:45 debian guacd[1010]: Unable to set up SSL/TLS: SSL accept
failed

Here is the startup log which shows TLS support and successful startup :


Oct 20 23:05:21 debian systemd[1]: Starting LSB: Guacamole proxy daemon...
Oct 20 23:05:21 debian guacd[1007]: Guacamole proxy daemon (guacd) version
0.9.9 started
Oct 20 23:05:21 debian guacd[1005]: Starting guacd: guacd[1007]:
INFO:#011Guacamole proxy daemon (guacd) version 0.9.9 started
Oct 20 23:05:21 debian guacd[1007]: Unable to bind socket to host ::1, port
4822: Address family not supported by protocol
Oct 20 23:05:21 debian guacd[1007]: Successfully bound socket to host
127.0.0.1, port 4822
Oct 20 23:05:21 debian guacd[1007]: Communication will require SSL/TLS.
Oct 20 23:05:21 debian guacd[1005]: guacd[1007]: DEBUG:#011Unable to bind
socket to host ::1, port 4822: Address family not supported by protocol
Oct 20 23:05:21 debian guacd[1005]: guacd[1007]: DEBUG:#011Successfully
bound socket to host 127.0.0.1, port 4822
Oct 20 23:05:21 debian guacd[1005]: guacd[1007]: INFO:#011Communication
will require SSL/TLS.
Oct 20 23:05:21 debian guacd[1007]: Using PEM keyfile
/etc/ssl/private/guacd.key
Oct 20 23:05:21 debian guacd[1005]: guacd[1007]: INFO:#011Using PEM keyfile
/etc/ssl/private/guacd.key
Oct 20 23:05:21 debian guacd[1007]: Using certificate file
/etc/ssl/certs/guacd.crt
Oct 20 23:05:21 debian guacd[1005]: guacd[1007]: INFO:#011Using certificate
file /etc/ssl/certs/guacd.crt
Oct 20 23:05:21 debian guacd[1007]: Exiting and passing control to PID 1008
Oct 20 23:05:21 debian guacd[1005]: guacd[1007]: DEBUG:#011Exiting and
passing control to PID 1008
Oct 20 23:05:21 debian guacd[1005]: SUCCESS
Oct 20 23:05:21 debian systemd[1]: Started LSB: Guacamole proxy daemon.
Oct 20 23:05:21 debian guacd[1008]: Exiting and passing control to PID 1009
Oct 20 23:05:21 debian guacd[1005]: guacd[1008]: DEBUG:#011Exiting and
passing control to PID 1009
Oct 20 23:05:21 debian guacd[1009]: Listening on host 127.0.0.1, port 4822


Here is my guacd.conf :

[daemon]

pid_file = /var/run/guacd.pid
log_level = debug

[server]

bind_host = localhost
bind_port = 4822

#
# The following parameters are valid only if
# guacd was built with SSL support.
#

[ssl]

server_certificate = /etc/ssl/certs/guacd.crt
server_key = /etc/ssl/private/guacd.key

The cert and key generation:

openssl req -newkey rsa:4096 -nodes -sha512 -x509 -days 3650 -nodes -out
/etc/ssl/certs/guacd.crt -keyout /etc/ssl/private/guacd.key

And then the content of my guacamole.properties shows that TLS is enabled :

guacd-ssl: true

Do you guys have any clue where the problem is ?

Thanks