github-starred/barrier
2
0
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2026-05-15 22:01:23 -06:00
Code Issues 1.0k Projects Packages Wiki Activity Actions

[GH-ISSUE #1377] No ssl certificate on Windows 10 (v2.4) #1069

New issue
Open
opened 2026-05-05 07:25:59 -06:00 by gitea-mirror · 43 comments
gitea-mirror commented 2026-05-05 07:25:59 -06:00
Owner
Copy link

Originally created by @knaos on GitHub (Nov 3, 2021).
Original GitHub issue: https://github.com/debauchee/barrier/issues/1377

What happened?

When installing freshly Barrier on Windows 10, the ssl key is not created.

Version

v2.4

Git commit hash (if applicable)

No response

If applicable, where did you install Barrier from?

Github Releases. Version 2.4

What OSes are you seeing the problem on? (Check all that apply)

Windows

What OS versions are you using?

Server: Windows 10
Client: Macosx 12.0.1

Relevant log output

No response

Any other information

No response

Originally created by @knaos on GitHub (Nov 3, 2021). Original GitHub issue: https://github.com/debauchee/barrier/issues/1377 ### What happened? When installing freshly Barrier on Windows 10, the ssl key is not created. ### Version v2.4 ### Git commit hash (if applicable) _No response_ ### If applicable, where did you install Barrier from? Github Releases. Version 2.4 ### What OSes are you seeing the problem on? (Check all that apply) Windows ### What OS versions are you using? Server: Windows 10 Client: Macosx 12.0.1 ### Relevant log output _No response_ ### Any other information _No response_
gitea-mirror added the
bug
 label 2026-05-05 07:25:59 -06:00
gitea-mirror commented 2026-05-05 07:26:03 -06:00
Author
Owner
Copy link

@juvin-git commented on GitHub (Nov 3, 2021):

close ssl in the setting

<!-- gh-comment-id:958760029 --> @juvin-git commented on GitHub (Nov 3, 2021): close ssl in the setting
gitea-mirror commented 2026-05-05 07:26:05 -06:00
Author
Owner
Copy link

@p12tic commented on GitHub (Nov 3, 2021):

@knaos Did you try 2.4.0? It seems like this bug should be fixed by https://github.com/debauchee/barrier/pull/979.

<!-- gh-comment-id:958978319 --> @p12tic commented on GitHub (Nov 3, 2021): @knaos Did you try 2.4.0? It seems like this bug should be fixed by https://github.com/debauchee/barrier/pull/979.
gitea-mirror commented 2026-05-05 07:26:07 -06:00
Author
Owner
Copy link

@knaos commented on GitHub (Nov 3, 2021):

@p12tic Yes, I tried with version 2.4, it was just not present in the dropdown of the issue opener.

<!-- gh-comment-id:959086089 --> @knaos commented on GitHub (Nov 3, 2021): @p12tic Yes, I tried with version 2.4, it was just not present in the dropdown of the issue opener.
gitea-mirror commented 2026-05-05 07:26:08 -06:00
Author
Owner
Copy link

@knaos commented on GitHub (Nov 3, 2021):

You can see that even though the SSL is enabled in the settings, the SSL Fingerpring is shown as Disabled
image

<!-- gh-comment-id:959095025 --> @knaos commented on GitHub (Nov 3, 2021): You can see that even though the SSL is enabled in the settings, the SSL Fingerpring is shown as Disabled ![image](https://user-images.githubusercontent.com/7912102/140070028-13412f7f-87a2-4fa0-892b-3ba7c5d2399a.png)
gitea-mirror commented 2026-05-05 07:26:09 -06:00
Author
Owner
Copy link

@Claudweb commented on GitHub (Nov 3, 2021):

Having exactly the same issue. Just tried installing barrier today for the first time on two Windows 10 machines and couldn't get it working. The log showed

[2021-11-03T14:45:49] INFO: OpenSSL 1.0.2l 25 May 2017
[2021-11-03T14:45:49] ERROR: ssl certificate doesn't exist: C:\Users...\AppData\Local\Barrier\SSL\Barrier.pem

After disabling SSL in the settings it finally started working.

<!-- gh-comment-id:959145172 --> @Claudweb commented on GitHub (Nov 3, 2021): Having exactly the same issue. Just tried installing barrier today for the first time on two Windows 10 machines and couldn't get it working. The log showed [2021-11-03T14:45:49] INFO: OpenSSL 1.0.2l 25 May 2017 [2021-11-03T14:45:49] ERROR: ssl certificate doesn't exist: C:\Users\...\AppData\Local\Barrier\SSL\Barrier.pem After disabling SSL in the settings it finally started working.
gitea-mirror commented 2026-05-05 07:26:11 -06:00
Author
Owner
Copy link

@Endorphine71 commented on GitHub (Nov 3, 2021):

Yeah, I had the same issue. No SSL certificate is ever created.

I went back to the previous version and didn't have any issues. This is on Windows 11 Home and connecting to a MacBook Pro M1 with MacOS Monterey.

<!-- gh-comment-id:960268805 --> @Endorphine71 commented on GitHub (Nov 3, 2021): Yeah, I had the same issue. No SSL certificate is ever created. I went back to the previous version and didn't have any issues. This is on Windows 11 Home and connecting to a MacBook Pro M1 with MacOS Monterey.
gitea-mirror commented 2026-05-05 07:26:12 -06:00
Author
Owner
Copy link

@Nikarous commented on GitHub (Nov 4, 2021):

https://github.com/debauchee/barrier/issues/231#issuecomment-958800595 workaround

<!-- gh-comment-id:960535252 --> @Nikarous commented on GitHub (Nov 4, 2021): https://github.com/debauchee/barrier/issues/231#issuecomment-958800595 workaround
gitea-mirror commented 2026-05-05 07:26:13 -06:00
Author
Owner
Copy link

@cfarvidson commented on GitHub (Nov 6, 2021):

I had the same problem on MacOS Monterey. Solved it with the mentioned workaround.

<!-- gh-comment-id:962421477 --> @cfarvidson commented on GitHub (Nov 6, 2021): I had the same problem on MacOS Monterey. Solved it with the mentioned workaround.
gitea-mirror commented 2026-05-05 07:26:14 -06:00
Author
Owner
Copy link

@qavnjdusagon commented on GitHub (Nov 7, 2021):

I just installed Barrier on GNU/Linux (Trisquel 9), compiled as indicated in the wiki, about says 2.4.0-release-4ed01413, I have exactly the same problem. The workaround indicated solved it, but only after I deactivated and reactivated SSL.

<!-- gh-comment-id:962628619 --> @qavnjdusagon commented on GitHub (Nov 7, 2021): I just installed Barrier on GNU/Linux (Trisquel 9), compiled as indicated in the wiki, about says 2.4.0-release-4ed01413, I have exactly the same problem. The workaround indicated solved it, but only after I deactivated and reactivated SSL.
gitea-mirror commented 2026-05-05 07:26:14 -06:00
Author
Owner
Copy link

@joel-williams commented on GitHub (Nov 9, 2021):

Same issue as @cfarvidson above, also does not seem to be resolved by disabling SSL. The app reports that SSL fingerprinting is disabled, but the connection between client and server still doesn't work. Logs show SSL errors due to missing cert.

Screen Shot 2021-11-09 at 12 35 56 pm
<!-- gh-comment-id:963733856 --> @joel-williams commented on GitHub (Nov 9, 2021): Same issue as @cfarvidson above, also does not seem to be resolved by disabling SSL. The app reports that SSL fingerprinting is disabled, but the connection between client and server still doesn't work. Logs show SSL errors due to missing cert. <img width="1037" alt="Screen Shot 2021-11-09 at 12 35 56 pm" src="https://user-images.githubusercontent.com/22196555/140845800-70416e2a-9cb7-4c07-b127-2cf8b240cdea.png">
gitea-mirror commented 2026-05-05 07:26:16 -06:00
Author
Owner
Copy link

@pjank commented on GitHub (Nov 9, 2021):

Found this "issue" after struggling with the same problem for a while and found my own "workaround".

Here's my story (aside from other trial-and-error steps, skipped for clarity), maybe this helps somebody:

  1. Installed Barrier 2.4.0 first time on a PC (Win10).
    Couldn't connect (with SSL enabled) due to the missing cert file.
    And the "SSL Fingerprint" row in the UI was showing "Disabled".
  2. Tried generating it manually (based on these instructions) - the openssl.exe step failed due to "barrier.conf not found". And it sure was missing (in Program Files\Barrier).
    And BTW I imagine the workaround linked in the comment above would also fail for the same reason.
  3. Tried to figure out what should be in that file...
    Found the few "examples" here. But no, that's a totally different type of barrier.conf file. Why do we use the same name for 2 different things? One is Barrier screens config, another is OpenSSL config.
  4. As last resort - uninstalled 2.4.0, cleared all leftovers (just in case: registry, app data), downloaded and installed v2.3.4. And viola - the SSL cert was created automagically. Then installed 2.4.0 again. And all works!
<!-- gh-comment-id:964405608 --> @pjank commented on GitHub (Nov 9, 2021): Found this "issue" after struggling with the same problem for a while and found my own "workaround". Here's my story (aside from other trial-and-error steps, skipped for clarity), maybe this helps somebody: 1) Installed Barrier 2.4.0 first time on a PC (Win10). Couldn't connect (with SSL enabled) due to the missing cert file. And the "SSL Fingerprint" row in the UI was showing "Disabled". 3) Tried generating it manually (based on [these instructions](https://github.com/debauchee/barrier/wiki/Command-Line#generating-certificate-and-fingerprint)) - the `openssl.exe` step failed due to "**barrier.conf not found**". And it sure was missing (in Program Files\Barrier). And BTW I imagine the workaround linked in the comment above would also fail for the same reason. 4) Tried to figure out what should be in that file... Found the few "examples" [here](https://github.com/debauchee/barrier/tree/master/doc). But no, that's a totally different type of _barrier.conf_ file. Why do we use the same name for 2 different things? One is Barrier screens config, another is OpenSSL config. 5) As last resort - **uninstalled 2.4.0**, cleared all leftovers (just in case: registry, app data), downloaded and **installed v2.3.4**. And viola - the SSL cert was created automagically. Then **installed 2.4.0 again**. And all works!
gitea-mirror commented 2026-05-05 07:26:17 -06:00
Author
Owner
Copy link

@albertony commented on GitHub (Nov 10, 2021):

2. Tried generating it manually (based on these instructions) - the openssl.exe step failed due to "barrier.conf not found". And it sure was missing (in Program Files\Barrier).
And BTW I imagine the workaround linked in the comment above would also fail for the same reason.

There is a pull request for updating those instructions according to v2.4. Basically you will have to install OpenSSL separately now, to do the manual setup. As you found out, the OpenSSL config file barrier.conf is not included anymore, and also the version of the included openssl executable is quite old. This is related to Barrier no longer using it to generate certificate/fingerprint, but uses library functions instead.

<!-- gh-comment-id:965006652 --> @albertony commented on GitHub (Nov 10, 2021): > 2\. Tried generating it manually (based on [these instructions](https://github.com/debauchee/barrier/wiki/Command-Line#generating-certificate-and-fingerprint)) - the `openssl.exe` step failed due to "**barrier.conf not found**". And it sure was missing (in Program Files\Barrier). > And BTW I imagine the workaround linked in the comment above would also fail for the same reason. There is a pull request for updating those instructions according to v2.4. Basically you will have to install OpenSSL separately now, to do the manual setup. As you found out, the OpenSSL config file barrier.conf is not included anymore, and also the version of the included openssl executable is quite old. This is related to Barrier no longer using it to generate certificate/fingerprint, but uses library functions instead.
gitea-mirror commented 2026-05-05 07:26:18 -06:00
Author
Owner
Copy link

@albertony commented on GitHub (Nov 10, 2021):

@p12tic : I wonder if the following line is causing cert not being created in v2.4, shouldn't it open the file in mode "w"?

2db65f0866/src/lib/net/SecureUtils.cpp (L193)

<!-- gh-comment-id:965129129 --> @albertony commented on GitHub (Nov 10, 2021): @p12tic : I wonder if the following line is causing cert not being created in v2.4, shouldn't it open the file in mode "w"? https://github.com/debauchee/barrier/blob/2db65f0866ece77a5e5abba6fe8501399c77eaed/src/lib/net/SecureUtils.cpp#L193
gitea-mirror commented 2026-05-05 07:26:19 -06:00
Author
Owner
Copy link

@albertony commented on GitHub (Nov 12, 2021):

The suggested change has been merged to master, and it fixes my issue: Barrier now creates certificate and fingerprint on first launch on Windows 10.

Beta build available here: https://dev.azure.com/debauchee/Barrier/_build/results?buildId=759&view=artifacts&pathAsName=false&type=publishedArtifacts

<!-- gh-comment-id:967325898 --> @albertony commented on GitHub (Nov 12, 2021): The suggested change has been merged to master, and it fixes my issue: Barrier now creates certificate and fingerprint on first launch on Windows 10. Beta build available here: https://dev.azure.com/debauchee/Barrier/_build/results?buildId=759&view=artifacts&pathAsName=false&type=publishedArtifacts
gitea-mirror commented 2026-05-05 07:26:20 -06:00
Author
Owner
Copy link

@Gbrothers1 commented on GitHub (Dec 15, 2021):

Here is my experience for windows 10 users, and I know have a complete understanding I think of how to solve the issue.

Steps: (How to get SSL working on windows)

  1. Install Barrier.exe onto windows 10 machine, and configure as normal. (Fresh Install)
    (Error) Failed to generate SSL Certificate...
  2. Install Git for windows (Fresh) using standard configurations and options
  3. cd to the file path '/c/Users/Ethan/AppData/Local/Barrier/SSL" and run the following command
  4. $ openssl req -x509 -nodes -days 365 -subj //CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
  • This will generate the "Barrier.pem" file and output in the current directory
  • If you don't include the two forward slashes before the "-subj" then bash will translate the parameter path to "C:Program Files/Git/CN=Barrier" this is called a POSIX-WIndows Path Conversion here
  1. Restart Barrier Client via "Reload" Button.
  2. Should work now

This same step will have to be performed on macOS Monterey as well running on M1 processor with the latest updates and patches.

Steps:

  1. Download and install Barrier.dmg
  2. Configure as normal for client/server operation.
  3. Open terminal and cd to the following directory '/Applications/Barrier.app/Contents/MacOS' and excite the command bellow:
    $ openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
  4. Reload the server or client and you should have working SSL

Notes:

  • I completed this install on two machines a M1 MacBook Pro M1 (2021) and a Windows 10 based Dell Inspiron i5-x64 (2017 model), after allowing network permission which was an issue on the MacOS Monetary, had to specifically add all the programs "barrier" in System Settings / Security & Privacy / Accessibility and allow network permissions.
  • Also minor wifi issues occur with different network modules speeds, my windows machine us running 802.11b/g/n connected to an 802.11ac wifi-router, where my M1 has an 802.11ac model and this has made a significant disadvantage in latency as I'm currently setup in my office about 30 feet away from the router.
<!-- gh-comment-id:994231023 --> @Gbrothers1 commented on GitHub (Dec 15, 2021): Here is my experience for windows 10 users, and I know have a complete understanding I think of how to solve the issue. Steps: (How to get SSL working on windows) 1. Install Barrier.exe onto windows 10 machine, and configure as normal. (Fresh Install) (Error) Failed to generate SSL Certificate... 2. Install Git for windows (Fresh) using standard configurations and options 3. cd to the file path '/c/Users/Ethan/AppData/Local/Barrier/SSL" and run the following command 4. $ openssl req -x509 -nodes -days 365 -subj //CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem - This will generate the "Barrier.pem" file and output in the current directory - If you don't include the two forward slashes before the "-subj" then bash will translate the parameter path to "C:Program Files/Git/CN=Barrier" this is called a POSIX-WIndows Path Conversion [here](https://github.com/git-for-windows/git/issues/577#issuecomment-166118846) 5. Restart Barrier Client via "Reload" Button. 6. Should work now This same step will have to be performed on macOS Monterey as well running on M1 processor with the latest updates and patches. Steps: 1. Download and install Barrier.dmg 2. Configure as normal for client/server operation. 3. Open terminal and cd to the following directory '/Applications/Barrier.app/Contents/MacOS' and excite the command bellow: `$ openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem` 4. Reload the server or client and you should have working SSL Notes: - I completed this install on two machines a M1 MacBook Pro M1 (2021) and a Windows 10 based Dell Inspiron i5-x64 (2017 model), after allowing network permission which was an issue on the MacOS Monetary, had to specifically add all the programs "barrier" in System Settings / Security & Privacy / Accessibility and allow network permissions. - Also minor wifi issues occur with different network modules speeds, my windows machine us running 802.11b/g/n connected to an 802.11ac wifi-router, where my M1 has an 802.11ac model and this has made a significant disadvantage in latency as I'm currently setup in my office about 30 feet away from the router.
gitea-mirror commented 2026-05-05 07:26:21 -06:00
Author
Owner
Copy link

@shodanx2 commented on GitHub (Dec 16, 2021):

Hello,

Trying out barrier for the first time (I last used synergy in 2003-2004ish)

My setup is a windows 10 computer driving a center monitor and two raspberry pi controlling two monitors stacked on top of each other on either side of the main monitor

windows 10 version 2.4.0 compiled nov 2021
on RPiOS, installed using apt, version october 2018

Started everything on all computers

First got this error

image

(Been trying this out since last week but didn't have time to try more things until today now that I found this thread !)

I disabled SSL in server

After reloading the server, the clients would connect/disconnect for no apparent reason

image

So I went in the clients and also disabled SSL

Seems to work

image

--tangent 1
The new clients didn't appear in server configurator, but it was as easy as clicking a blank square and typing my client hostname s in screen names

--tangent 2
I've been playing with it about 1 minute, it appears to work really great. Only visual weirdness I'm having is that if a window is focused, it gets defocused when my cursor crosses the monitor boundary but I feel that is something easily configurable somewhere

Ah found it, in each "screen name" I checked "fix preserve focus" why is this not the default ? (oh, this doesn't work for the server apparently)

--tangent 3

This is stretching it but, what do you guys use to export/drag windows on the server to client ? Does such a thing exist yet ?

thanks

<!-- gh-comment-id:995622896 --> @shodanx2 commented on GitHub (Dec 16, 2021): Hello, Trying out barrier for the first time (I last used synergy in 2003-2004ish) My setup is a windows 10 computer driving a center monitor and two raspberry pi controlling two monitors stacked on top of each other on either side of the main monitor windows 10 version 2.4.0 compiled nov 2021 on RPiOS, installed using apt, version october 2018 Started everything on all computers First got this error ![image](https://user-images.githubusercontent.com/10621885/146349144-a3b3cf5e-f5b9-44bd-9a38-5dcb5397e215.png) (Been trying this out since last week but didn't have time to try more things until today now that I found this thread !) I disabled SSL in server After reloading the server, the clients would connect/disconnect for no apparent reason ![image](https://user-images.githubusercontent.com/10621885/146349476-f77c26c9-1b6d-438b-936f-7831acbe3361.png) So I went in the clients and also disabled SSL Seems to work ![image](https://user-images.githubusercontent.com/10621885/146349623-98ac445a-a87c-40fa-81db-e70d88dfc84a.png) --tangent 1 The new clients didn't appear in server configurator, but it was as easy as clicking a blank square and typing my client hostname s in screen names --tangent 2 I've been playing with it about 1 minute, it appears to work really great. Only visual weirdness I'm having is that if a window is focused, it gets defocused when my cursor crosses the monitor boundary but I feel that is something easily configurable somewhere Ah found it, in each "screen name" I checked "fix preserve focus" why is this not the default ? (oh, this doesn't work for the server apparently) --tangent 3 This is stretching it but, what do you guys use to export/drag windows on the server to client ? Does such a thing exist yet ? thanks
gitea-mirror commented 2026-05-05 07:26:22 -06:00
Author
Owner
Copy link

@xsentricity commented on GitHub (Jan 2, 2022):

Here is an easy workaround. Install version 2.3.2 first. Then run it and it will create the SSL certificate on windows. Once you verified it works, then download 2.4 and install it. If it gets the point where it says can't shutdown the application or something just click the button retry and that should work.

I did it twice today and it worked. Have a great new years !

<!-- gh-comment-id:1003648960 --> @xsentricity commented on GitHub (Jan 2, 2022): Here is an easy workaround. Install version 2.3.2 first. Then run it and it will create the SSL certificate on windows. Once you verified it works, then download 2.4 and install it. If it gets the point where it says can't shutdown the application or something just click the button retry and that should work. I did it twice today and it worked. Have a great new years !
gitea-mirror commented 2026-05-05 07:26:23 -06:00
Author
Owner
Copy link

@JanaSokolova commented on GitHub (Feb 28, 2022):

Found this "issue" after struggling with the same problem for a while and found my own "workaround".

Here's my story (aside from other trial-and-error steps, skipped for clarity), maybe this helps somebody:

  1. Installed Barrier 2.4.0 first time on a PC (Win10).
    Couldn't connect (with SSL enabled) due to the missing cert file.
    And the "SSL Fingerprint" row in the UI was showing "Disabled".
  2. Tried generating it manually (based on these instructions) - the openssl.exe step failed due to "barrier.conf not found". And it sure was missing (in Program Files\Barrier).
    And BTW I imagine the workaround linked in the comment above would also fail for the same reason.
  3. Tried to figure out what should be in that file...
    Found the few "examples" here. But no, that's a totally different type of barrier.conf file. Why do we use the same name for 2 different things? One is Barrier screens config, another is OpenSSL config.
  4. As last resort - uninstalled 2.4.0, cleared all leftovers (just in case: registry, app data), downloaded and installed v2.3.4. And viola - the SSL cert was created automagically. Then installed 2.4.0 again. And all works!

Thank you this worked for me! However now I am getting a communications error.

ERROR: failed to launch, error: process immediately stopped
[2022-02-28T11:01:01] INFO: backing off, wait=10s, failures=12
[2022-02-28T11:01:11] INFO: starting new process as privileged user
barriers.exe: unrecognized option --disable-client-cert-checking' Try barriers.exe --help' for more information.

<!-- gh-comment-id:1054406976 --> @JanaSokolova commented on GitHub (Feb 28, 2022): > Found this "issue" after struggling with the same problem for a while and found my own "workaround". > > Here's my story (aside from other trial-and-error steps, skipped for clarity), maybe this helps somebody: > > 1. Installed Barrier 2.4.0 first time on a PC (Win10). > Couldn't connect (with SSL enabled) due to the missing cert file. > And the "SSL Fingerprint" row in the UI was showing "Disabled". > 2. Tried generating it manually (based on [these instructions](https://github.com/debauchee/barrier/wiki/Command-Line#generating-certificate-and-fingerprint)) - the `openssl.exe` step failed due to "**barrier.conf not found**". And it sure was missing (in Program Files\Barrier). > And BTW I imagine the workaround linked in the comment above would also fail for the same reason. > 3. Tried to figure out what should be in that file... > Found the few "examples" [here](https://github.com/debauchee/barrier/tree/master/doc). But no, that's a totally different type of _barrier.conf_ file. Why do we use the same name for 2 different things? One is Barrier screens config, another is OpenSSL config. > 4. As last resort - **uninstalled 2.4.0**, cleared all leftovers (just in case: registry, app data), downloaded and **installed v2.3.4**. And viola - the SSL cert was created automagically. Then **installed 2.4.0 again**. And all works! Thank you this worked for me! However now I am getting a communications error. ERROR: failed to launch, error: process immediately stopped [2022-02-28T11:01:01] INFO: backing off, wait=10s, failures=12 [2022-02-28T11:01:11] INFO: starting new process as privileged user barriers.exe: unrecognized option `--disable-client-cert-checking' Try `barriers.exe --help' for more information.
gitea-mirror commented 2026-05-05 07:26:25 -06:00
Author
Owner
Copy link

@TomLewis commented on GitHub (Mar 19, 2022):

@Gbrothers1

ERROR: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib :(

<!-- gh-comment-id:1073045741 --> @TomLewis commented on GitHub (Mar 19, 2022): @Gbrothers1 `ERROR: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib` :(
gitea-mirror commented 2026-05-05 07:26:25 -06:00
Author
Owner
Copy link

@alansenairj commented on GitHub (Apr 11, 2022):

I am using version 2.4. I put it to work just putting Barrier.pem generated at client on server.
The file in windows is located at: C:\Users\ALAN\AppData\Local\Barrier\SSL
You must copy it to Linux path: cp Barrier.pem /home/yourusername/.local/share/barrier/SSL

Reload client activating SSL
image

Just reload server and it is done. Check logs to see if it is working.

<!-- gh-comment-id:1095024372 --> @alansenairj commented on GitHub (Apr 11, 2022): I am using version 2.4. I put it to work just putting Barrier.pem generated at client on server. The file in windows is located at: C:\Users\ALAN\AppData\Local\Barrier\SSL You must copy it to Linux path: cp Barrier.pem /home/yourusername/.local/share/barrier/SSL Reload client activating SSL ![image](https://user-images.githubusercontent.com/20565821/162745132-9faad79c-687d-4182-bc02-46ba622f6b66.png) Just reload server and it is done. Check logs to see if it is working.
gitea-mirror commented 2026-05-05 07:26:27 -06:00
Author
Owner
Copy link

@JgBr123 commented on GitHub (Apr 12, 2022):

Here is an easy workaround. Install version 2.3.2 first. Then run it and it will create the SSL certificate on windows. Once you verified it works, then download 2.4 and install it. If it gets the point where it says can't shutdown the application or something just click the button retry and that should work.

I did it twice today and it worked. Have a great new years !

This solved the issue. Thank you !

<!-- gh-comment-id:1095774983 --> @JgBr123 commented on GitHub (Apr 12, 2022): > Here is an easy workaround. Install version 2.3.2 first. Then run it and it will create the SSL certificate on windows. Once you verified it works, then download 2.4 and install it. If it gets the point where it says can't shutdown the application or something just click the button retry and that should work. > > I did it twice today and it worked. Have a great new years ! This solved the issue. Thank you !
gitea-mirror commented 2026-05-05 07:26:28 -06:00
Author
Owner
Copy link

@JanaSokolova commented on GitHub (Apr 12, 2022):

Thanks guys, I'm sorry to say, I did the download of the old version and it didn't work for me. So I abandoned the ship completely and swam over to input director. That application was easier to set up. Thanks for taking the time to answer everyone.

<!-- gh-comment-id:1095814873 --> @JanaSokolova commented on GitHub (Apr 12, 2022): Thanks guys, I'm sorry to say, I did the download of the old version and it didn't work for me. So I abandoned the ship completely and swam over to input director. That application was easier to set up. Thanks for taking the time to answer everyone.
gitea-mirror commented 2026-05-05 07:26:29 -06:00
Author
Owner
Copy link

@shodanx2 commented on GitHub (Apr 12, 2022):

The app should generate ask the user if they want to generate a self-signed certificate, and then create one and put it in the right place and put the reference to it in the config file.

<!-- gh-comment-id:1096327762 --> @shodanx2 commented on GitHub (Apr 12, 2022): The app should generate ask the user if they want to generate a self-signed certificate, and then create one and put it in the right place and put the reference to it in the config file.
gitea-mirror commented 2026-05-05 07:26:30 -06:00
Author
Owner
Copy link

@ohadschn commented on GitHub (Apr 18, 2022):

Could someone add this to the troubleshooting wiki (and more generally, the fact that the log can be read from the GUI)?
I spent maybe an hour trying every possible troubleshooting step to no avail: https://github.com/debauchee/barrier/wiki/Troubleshooting

<!-- gh-comment-id:1101571831 --> @ohadschn commented on GitHub (Apr 18, 2022): Could someone add this to the troubleshooting wiki (and more generally, the fact that the log can be read from the GUI)? I spent maybe an hour trying every possible troubleshooting step to no avail: https://github.com/debauchee/barrier/wiki/Troubleshooting
gitea-mirror commented 2026-05-05 07:26:30 -06:00
Author
Owner
Copy link

@ToOpenSky commented on GitHub (Jul 29, 2022):

Found this "issue" after struggling with the same problem for a while and found my own "workaround".

Here's my story (aside from other trial-and-error steps, skipped for clarity), maybe this helps somebody:

  1. Installed Barrier 2.4.0 first time on a PC (Win10).
    Couldn't connect (with SSL enabled) due to the missing cert file.
    And the "SSL Fingerprint" row in the UI was showing "Disabled".
  2. Tried generating it manually (based on these instructions) - the openssl.exe step failed due to "barrier.conf not found". And it sure was missing (in Program Files\Barrier).
    And BTW I imagine the workaround linked in the comment above would also fail for the same reason.
  3. Tried to figure out what should be in that file...
    Found the few "examples" here. But no, that's a totally different type of barrier.conf file. Why do we use the same name for 2 different things? One is Barrier screens config, another is OpenSSL config.
  4. As last resort - uninstalled 2.4.0, cleared all leftovers (just in case: registry, app data), downloaded and installed v2.3.4. And viola - the SSL cert was created automagically. Then installed 2.4.0 again. And all works!

Thank you, step 4. worked for me.

<!-- gh-comment-id:1199899197 --> @ToOpenSky commented on GitHub (Jul 29, 2022): > Found this "issue" after struggling with the same problem for a while and found my own "workaround". > > Here's my story (aside from other trial-and-error steps, skipped for clarity), maybe this helps somebody: > > 1. Installed Barrier 2.4.0 first time on a PC (Win10). > Couldn't connect (with SSL enabled) due to the missing cert file. > And the "SSL Fingerprint" row in the UI was showing "Disabled". > 2. Tried generating it manually (based on [these instructions](https://github.com/debauchee/barrier/wiki/Command-Line#generating-certificate-and-fingerprint)) - the `openssl.exe` step failed due to "**barrier.conf not found**". And it sure was missing (in Program Files\Barrier). > And BTW I imagine the workaround linked in the comment above would also fail for the same reason. > 3. Tried to figure out what should be in that file... > Found the few "examples" [here](https://github.com/debauchee/barrier/tree/master/doc). But no, that's a totally different type of _barrier.conf_ file. Why do we use the same name for 2 different things? One is Barrier screens config, another is OpenSSL config. > 4. As last resort - **uninstalled 2.4.0**, cleared all leftovers (just in case: registry, app data), downloaded and **installed v2.3.4**. And viola - the SSL cert was created automagically. Then **installed 2.4.0 again**. And all works! Thank you, step 4. worked for me.
gitea-mirror commented 2026-05-05 07:26:32 -06:00
Author
Owner
Copy link

@ToOpenSky commented on GitHub (Jul 29, 2022):

Thank you very much. Step 4. is the important one, double slash "//".

<!-- gh-comment-id:1199941938 --> @ToOpenSky commented on GitHub (Jul 29, 2022): > Thank you very much. Step 4. is the important one, double slash "//".
gitea-mirror commented 2026-05-05 07:26:35 -06:00
Author
Owner
Copy link

@ohadschn commented on GitHub (Jul 30, 2022):

Unfortunately this has been broken for almost a year with no release (fixing this or otherwise).
Synergy on the other hand just released 11 days ago (needless to say, it does not suffer from this issue)...
You can get the (almost) latest binaries here: https://github.com/DEAKSoftware/Synergy-Binaries

<!-- gh-comment-id:1200129838 --> @ohadschn commented on GitHub (Jul 30, 2022): Unfortunately this has been broken for almost a year with no release (fixing this or otherwise). Synergy on the other hand just released 11 days ago (needless to say, it does not suffer from this issue)... You can get the (almost) latest binaries here: https://github.com/DEAKSoftware/Synergy-Binaries
gitea-mirror commented 2026-05-05 07:26:35 -06:00
Author
Owner
Copy link

@halfbeing commented on GitHub (Oct 30, 2022):

Yes, this is still completely broken.

I tried loads of solutions suggested above, but none worked. Copying the SSL certificate to the server didn't work. Going back to version 2.3.2 worked in Windows, but it is impossible to install and configure on MacOS Ventura, and would probably be quite a headache to do in Linux (I didn't even bother trying that). I tried running that openssl command in MacOS, but it doesn't recommend the command openssl.

Broken for a year. This looks like abandonware. I'll try Synergy.

<!-- gh-comment-id:1296052604 --> @halfbeing commented on GitHub (Oct 30, 2022): Yes, this is still completely broken. I tried loads of solutions suggested above, but none worked. Copying the SSL certificate to the server didn't work. Going back to version 2.3.2 worked in Windows, but it is impossible to install and configure on MacOS Ventura, and would probably be quite a headache to do in Linux (I didn't even bother trying that). I tried running that openssl command in MacOS, but it doesn't recommend the command openssl. Broken for a year. This looks like abandonware. I'll try Synergy.
gitea-mirror commented 2026-05-05 07:26:36 -06:00
Author
Owner
Copy link

@shodanx2 commented on GitHub (Oct 30, 2022):

I'm curious, if you just put in a self signed .pen certificate, would it work ?

<!-- gh-comment-id:1296254306 --> @shodanx2 commented on GitHub (Oct 30, 2022): I'm curious, if you just put in a self signed .pen certificate, would it work ?
gitea-mirror commented 2026-05-05 07:26:38 -06:00
Author
Owner
Copy link

@halfbeing commented on GitHub (Oct 30, 2022):

Yes it will.

I eventually discovered that I had made a clumsy copy-paste before my previous comment, which was why I failed to create an SSL certificate when I tried. You can in fact create an SSL certificate on the Barrier server which will make it work properly.

I did this on a Mac, but I have read that this works on Linux as well, so I think it should work on Windows (maybe you have to install openssl first – that I don't know for certain). The command should be exactly the same. Only the path of the Barrier SSL folder in which you execute it will be different. This is what you do:

  1. Open a terminal in the Barrier SSL folder on the server machine.
  2. Execute the following command:
    openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
  3. Click "Reload" in the Barrier user interface on the server machine to restart the server.
  4. After a while, you will get popups on your client machines asking you to accept the SSL certificate. Accept it.
<!-- gh-comment-id:1296314929 --> @halfbeing commented on GitHub (Oct 30, 2022): Yes it will. I eventually discovered that I had made a clumsy copy-paste before my previous comment, which was why I failed to create an SSL certificate when I tried. You can in fact create an SSL certificate on the Barrier server which will make it work properly. I did this on a Mac, but I have read that this works on Linux as well, so I think it should work on Windows (maybe you have to install openssl first – that I don't know for certain). The command should be exactly the same. Only the path of the Barrier SSL folder in which you execute it will be different. This is what you do: 1. Open a terminal in the Barrier SSL folder on the server machine. 2. Execute the following command: openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem 3. Click "Reload" in the Barrier user interface on the server machine to restart the server. 4. After a while, you will get popups on your client machines asking you to accept the SSL certificate. Accept it.
gitea-mirror commented 2026-05-05 07:26:39 -06:00
Author
Owner
Copy link

@DennisGentry-Zoetis commented on GitHub (Jan 3, 2023):

Hi,

Is there any release scheduled? It's been a bit over a year since 2.4.0, and this bug and several others have PRs and/or are already fixed in master, it's just that master seems not to be automatedly built anymore. If not, I'll pursue other solutions.

Thanks for any info you can provide!

<!-- gh-comment-id:1370267112 --> @DennisGentry-Zoetis commented on GitHub (Jan 3, 2023): Hi, Is there any release scheduled? It's been a bit over a year since 2.4.0, and this bug and several others have PRs and/or are already fixed in master, it's just that master seems not to be automatedly built anymore. If not, I'll pursue other solutions. Thanks for any info you can provide!
gitea-mirror commented 2026-05-05 07:26:40 -06:00
Author
Owner
Copy link

@jfranco09 commented on GitHub (Jan 5, 2023):

Found this "issue" after struggling with the same problem for a while and found my own "workaround".

Here's my story (aside from other trial-and-error steps, skipped for clarity), maybe this helps somebody:

1. Installed Barrier 2.4.0 first time on a PC (Win10).
   Couldn't connect (with SSL enabled) due to the missing cert file.
   And the "SSL Fingerprint" row in the UI was showing "Disabled".

2. Tried generating it manually (based on [these instructions](https://github.com/debauchee/barrier/wiki/Command-Line#generating-certificate-and-fingerprint)) - the `openssl.exe` step failed due to "**barrier.conf not found**". And it sure was missing (in Program Files\Barrier).
   And BTW I imagine the workaround linked in the comment above would also fail for the same reason.

3. Tried to figure out what should be in that file...
   Found the few "examples" [here](https://github.com/debauchee/barrier/tree/master/doc). But no, that's a totally different type of _barrier.conf_ file. Why do we use the same name for 2 different things? One is Barrier screens config, another is OpenSSL config.

4. As last resort - **uninstalled 2.4.0**, cleared all leftovers (just in case: registry, app data), downloaded and **installed v2.3.4**. And viola - the SSL cert was created automagically. Then **installed 2.4.0 again**. And all works!

This did the trick for me

<!-- gh-comment-id:1372663674 --> @jfranco09 commented on GitHub (Jan 5, 2023): > Found this "issue" after struggling with the same problem for a while and found my own "workaround". > > Here's my story (aside from other trial-and-error steps, skipped for clarity), maybe this helps somebody: > > 1. Installed Barrier 2.4.0 first time on a PC (Win10). > Couldn't connect (with SSL enabled) due to the missing cert file. > And the "SSL Fingerprint" row in the UI was showing "Disabled". > > 2. Tried generating it manually (based on [these instructions](https://github.com/debauchee/barrier/wiki/Command-Line#generating-certificate-and-fingerprint)) - the `openssl.exe` step failed due to "**barrier.conf not found**". And it sure was missing (in Program Files\Barrier). > And BTW I imagine the workaround linked in the comment above would also fail for the same reason. > > 3. Tried to figure out what should be in that file... > Found the few "examples" [here](https://github.com/debauchee/barrier/tree/master/doc). But no, that's a totally different type of _barrier.conf_ file. Why do we use the same name for 2 different things? One is Barrier screens config, another is OpenSSL config. > > 4. As last resort - **uninstalled 2.4.0**, cleared all leftovers (just in case: registry, app data), downloaded and **installed v2.3.4**. And viola - the SSL cert was created automagically. Then **installed 2.4.0 again**. And all works! This did the trick for me
gitea-mirror commented 2026-05-05 07:26:41 -06:00
Author
Owner
Copy link

@haukened commented on GitHub (Jun 15, 2023):

To fix this for Windows installs, you can run the following with PowerShell as admin during (or after) install without any additional software requirements:

$cert = New-SelfSignedCertificate -DnsName Barrier -KeyExportPolicy Exportable

# Public key to Base64
$CertBase64 = [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')

# Private key to Base64
$RSACng = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$KeyBytes = $RSACng.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob)
$KeyBase64 = [System.Convert]::ToBase64String($KeyBytes, [System.Base64FormattingOptions]::InsertLineBreaks)

# Put it all together
$Pem = @"
-----BEGIN PRIVATE KEY-----
$KeyBase64
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
$CertBase64
-----END CERTIFICATE-----
"@

# Output to file
$Pem | Out-File -FilePath $env:LOCALAPPDATA\Barrier\SSL\Barrier.pem -Encoding Ascii

Thanks to @murphyne for making this work for the current user, and not requiring a username change!

<!-- gh-comment-id:1593695744 --> @haukened commented on GitHub (Jun 15, 2023): To fix this for Windows installs, you can run the following with PowerShell **_as admin_** during (or after) install without any additional software requirements: ``` $cert = New-SelfSignedCertificate -DnsName Barrier -KeyExportPolicy Exportable # Public key to Base64 $CertBase64 = [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks') # Private key to Base64 $RSACng = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert) $KeyBytes = $RSACng.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob) $KeyBase64 = [System.Convert]::ToBase64String($KeyBytes, [System.Base64FormattingOptions]::InsertLineBreaks) # Put it all together $Pem = @" -----BEGIN PRIVATE KEY----- $KeyBase64 -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- $CertBase64 -----END CERTIFICATE----- "@ # Output to file $Pem | Out-File -FilePath $env:LOCALAPPDATA\Barrier\SSL\Barrier.pem -Encoding Ascii ``` Thanks to @murphyne for making this work for the current user, and not requiring a username change!
gitea-mirror commented 2026-05-05 07:26:42 -06:00
Author
Owner
Copy link

@dilipprasad commented on GitHub (Jun 16, 2023):

To fix this for Windows installs, you can run the following with PowerShell as admin during (or after) install without any additional software requirements:

$cert = New-SelfSignedCertificate -DnsName Barrier -KeyExportPolicy Exportable

# Public key to Base64
$CertBase64 = [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')

# Private key to Base64
$RSACng = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$KeyBytes = $RSACng.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob)
$KeyBase64 = [System.Convert]::ToBase64String($KeyBytes, [System.Base64FormattingOptions]::InsertLineBreaks)

# Put it all together
$Pem = @"
-----BEGIN PRIVATE KEY-----
$KeyBase64
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
$CertBase64
-----END CERTIFICATE-----
"@

# Output to file
$Pem | Out-File -FilePath C:\Users\<your-username>\AppData\Local\Barrier\SSL\Barrier.pem -Encoding Ascii

Be sure to change to your user!

After too many tries, this worked for me to connect and generate ssl certificate and i could connect to other machine now.
Thanks

<!-- gh-comment-id:1594220868 --> @dilipprasad commented on GitHub (Jun 16, 2023): > To fix this for Windows installs, you can run the following with PowerShell **_as admin_** during (or after) install without any additional software requirements: > > ``` > $cert = New-SelfSignedCertificate -DnsName Barrier -KeyExportPolicy Exportable > > # Public key to Base64 > $CertBase64 = [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks') > > # Private key to Base64 > $RSACng = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert) > $KeyBytes = $RSACng.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob) > $KeyBase64 = [System.Convert]::ToBase64String($KeyBytes, [System.Base64FormattingOptions]::InsertLineBreaks) > > # Put it all together > $Pem = @" > -----BEGIN PRIVATE KEY----- > $KeyBase64 > -----END PRIVATE KEY----- > -----BEGIN CERTIFICATE----- > $CertBase64 > -----END CERTIFICATE----- > "@ > > # Output to file > $Pem | Out-File -FilePath C:\Users\<your-username>\AppData\Local\Barrier\SSL\Barrier.pem -Encoding Ascii > ``` > > Be sure to change to your user! After too many tries, this worked for me to connect and generate ssl certificate and i could connect to other machine now. Thanks
gitea-mirror commented 2026-05-05 07:26:43 -06:00
Author
Owner
Copy link

@murphyne commented on GitHub (Jun 16, 2023):

To get the script to work with any current user, you can replace C:\Users\<your-username>\AppData\Local with $env:LOCALAPPDATA.

Like this:

$Pem | Out-File -FilePath $env:LOCALAPPDATA\Barrier\SSL\Barrier.pem -Encoding Ascii
<!-- gh-comment-id:1594412296 --> @murphyne commented on GitHub (Jun 16, 2023): To get the script to work with any current user, you can replace `C:\Users\<your-username>\AppData\Local` with `$env:LOCALAPPDATA`. Like this: ``` $Pem | Out-File -FilePath $env:LOCALAPPDATA\Barrier\SSL\Barrier.pem -Encoding Ascii ```
gitea-mirror commented 2026-05-05 07:26:44 -06:00
Author
Owner
Copy link

@frischeDaten commented on GitHub (Aug 24, 2023):

Steps: (How to get SSL working on windows)

  1. Install Barrier.exe onto windows 10 machine, and configure as normal. (Fresh Install)
    (Error) Failed to generate SSL Certificate...
  2. Install Git for windows (Fresh) using standard configurations and options
  3. cd to the file path '/c/Users/Ethan/AppData/Local/Barrier/SSL" and run the following command
  4. $ openssl req -x509 -nodes -days 365 -subj //CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
  • This will generate the "Barrier.pem" file and output in the current directory
  • If you don't include the two forward slashes before the "-subj" then bash will translate the parameter path to "C:Program Files/Git/CN=Barrier" this is called a POSIX-WIndows Path Conversion here

Thanks, works for me on Windows 11, I just installed openssl 3 instead of git, though

<!-- gh-comment-id:1692545424 --> @frischeDaten commented on GitHub (Aug 24, 2023): > Steps: (How to get SSL working on windows) > > 1. Install Barrier.exe onto windows 10 machine, and configure as normal. (Fresh Install) > (Error) Failed to generate SSL Certificate... > 2. Install Git for windows (Fresh) using standard configurations and options > 3. cd to the file path '/c/Users/Ethan/AppData/Local/Barrier/SSL" and run the following command > 4. $ openssl req -x509 -nodes -days 365 -subj //CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem > > * This will generate the "Barrier.pem" file and output in the current directory > * If you don't include the two forward slashes before the "-subj" then bash will translate the parameter path to "C:Program Files/Git/CN=Barrier" this is called a POSIX-WIndows Path Conversion [here](https://github.com/git-for-windows/git/issues/577#issuecomment-166118846) Thanks, works for me on Windows 11, I just installed openssl 3 instead of git, though
gitea-mirror commented 2026-05-05 07:26:45 -06:00
Author
Owner
Copy link

@ssokolow commented on GitHub (Aug 24, 2023):

I find that, if the intent isn't to have Git for Windows or OpenSSL or something else like that installed for other reasons (eg. on my firewalled-off-from-the-Internet Win7 "game console except not a console"), it's easiest to just install Barrier 2.3.4, let it generate the cert, and then upgrade to 2.4.0.

<!-- gh-comment-id:1692561381 --> @ssokolow commented on GitHub (Aug 24, 2023): I find that, if the intent isn't to have Git for Windows or OpenSSL or something else like that installed for other reasons (eg. on my firewalled-off-from-the-Internet Win7 "game console except not a console"), it's easiest to just install Barrier 2.3.4, let it generate the cert, and then upgrade to 2.4.0.
gitea-mirror commented 2026-05-05 07:26:46 -06:00
Author
Owner
Copy link

@haukened commented on GitHub (Aug 25, 2023):

@murphyne quick question, this needs to be run as admin in order to get the crypto commands, is $env in that context still mapped to current user? Or system? I'm not primarily a windows developer, so just wanted to make sure.

To get the script to work with any current user, you can replace C:\Users\<your-username>\AppData\Local with $env:LOCALAPPDATA.

Like this:


$Pem | Out-File -FilePath $env:LOCALAPPDATA\Barrier\SSL\Barrier.pem -Encoding Ascii
<!-- gh-comment-id:1692594580 --> @haukened commented on GitHub (Aug 25, 2023): @murphyne quick question, this needs to be run _as admin_ in order to get the crypto commands, is $env in that context still mapped to current user? Or system? I'm not primarily a windows developer, so just wanted to make sure. > To get the script to work with any current user, you can replace `C:\Users\<your-username>\AppData\Local` with `$env:LOCALAPPDATA`. > > > > Like this: > > ``` > > $Pem | Out-File -FilePath $env:LOCALAPPDATA\Barrier\SSL\Barrier.pem -Encoding Ascii > > ```
gitea-mirror commented 2026-05-05 07:26:46 -06:00
Author
Owner
Copy link

@murphyne commented on GitHub (Aug 28, 2023):

@murphyne quick question, this needs to be run as admin in order to get the crypto commands, is $env in that context still mapped to current user? Or system? I'm not primarily a windows developer, so just wanted to make sure.

@haukened
Yeah, you were right to hesitate. There appears to be a problem if the current user is not an admin. In that case, environment variables in elevated shell are mapped to the admin user. I'll see what can be done to work around that.

<!-- gh-comment-id:1694865453 --> @murphyne commented on GitHub (Aug 28, 2023): > @murphyne quick question, this needs to be run _as admin_ in order to get the crypto commands, is $env in that context still mapped to current user? Or system? I'm not primarily a windows developer, so just wanted to make sure. @haukened Yeah, you were right to hesitate. There appears to be a problem if the current user is not an admin. In that case, environment variables in elevated shell are mapped to the admin user. I'll see what can be done to work around that.
gitea-mirror commented 2026-05-05 07:26:47 -06:00
Author
Owner
Copy link

@haukened commented on GitHub (Aug 28, 2023):

My first thought is to make a self elevating script, that gathers the current user, then elevates and re-launches with the user as a passed parameter.

<!-- gh-comment-id:1694869300 --> @haukened commented on GitHub (Aug 28, 2023): My first thought is to make a self elevating script, that gathers the current user, then elevates and re-launches with the user as a passed parameter.
gitea-mirror commented 2026-05-05 07:26:47 -06:00
Author
Owner
Copy link

@murphyne commented on GitHub (Aug 28, 2023):

I did something similar. But it is still not a robust solution.
The self-elevating script must be run as a user, but there is a chance that it will be run as an admin, in which case the environment variables would point to admin. Perhaps it's best to leave the path hardcoded.

$Command = {
$cert = New-SelfSignedCertificate -DnsName Barrier -KeyExportPolicy Exportable

# Public key to Base64
$CertBase64 = [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')

# Private key to Base64
$RSACng = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
$KeyBytes = $RSACng.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob)
$KeyBase64 = [System.Convert]::ToBase64String($KeyBytes, [System.Base64FormattingOptions]::InsertLineBreaks)

# Put it all together
$Pem = @"
-----BEGIN PRIVATE KEY-----
$KeyBase64
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
$CertBase64
-----END CERTIFICATE-----
"@

# Ensure target folder exists
mkdir -p "$env:LOCALAPPDATA\Barrier\SSL" > $null

# Output to file
$Pem | Out-File -FilePath "$env:LOCALAPPDATA\Barrier\SSL\Barrier.pem" -Encoding Ascii
}

$CommandFormatted = $Command -replace '\$env:LOCALAPPDATA', $env:LOCALAPPDATA

$CommandEncoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($CommandFormatted))

Start-Process -Wait -WindowStyle Hidden -FilePath powershell.exe -Verb RunAs -ArgumentList "-EncodedCommand $CommandEncoded"
<!-- gh-comment-id:1695535900 --> @murphyne commented on GitHub (Aug 28, 2023): I did something similar. But it is still not a robust solution. The self-elevating script must be run as a user, but there is a chance that it will be run as an admin, in which case the environment variables would point to admin. Perhaps it's best to leave the path hardcoded. ```ps1 $Command = { $cert = New-SelfSignedCertificate -DnsName Barrier -KeyExportPolicy Exportable # Public key to Base64 $CertBase64 = [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks') # Private key to Base64 $RSACng = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert) $KeyBytes = $RSACng.Key.Export([System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob) $KeyBase64 = [System.Convert]::ToBase64String($KeyBytes, [System.Base64FormattingOptions]::InsertLineBreaks) # Put it all together $Pem = @" -----BEGIN PRIVATE KEY----- $KeyBase64 -----END PRIVATE KEY----- -----BEGIN CERTIFICATE----- $CertBase64 -----END CERTIFICATE----- "@ # Ensure target folder exists mkdir -p "$env:LOCALAPPDATA\Barrier\SSL" > $null # Output to file $Pem | Out-File -FilePath "$env:LOCALAPPDATA\Barrier\SSL\Barrier.pem" -Encoding Ascii } $CommandFormatted = $Command -replace '\$env:LOCALAPPDATA', $env:LOCALAPPDATA $CommandEncoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($CommandFormatted)) Start-Process -Wait -WindowStyle Hidden -FilePath powershell.exe -Verb RunAs -ArgumentList "-EncodedCommand $CommandEncoded" ```
gitea-mirror commented 2026-05-05 07:26:48 -06:00
Author
Owner
Copy link

@syphax commented on GitHub (Apr 1, 2024):

I had this same issue on a fresh Windows 11 machine; the Powersheel script above solved the issue.

<!-- gh-comment-id:2028985467 --> @syphax commented on GitHub (Apr 1, 2024): I had this same issue on a fresh Windows 11 machine; the Powersheel script above solved the issue.
gitea-mirror commented 2026-05-05 07:26:49 -06:00
Author
Owner
Copy link

@dexter74 commented on GitHub (Aug 1, 2024):

openssl req -x509 -nodes -days 365 -subj //CN=Barrier -newkey rsa:4096 -keyout %appdata%..\Local\Barrier\SSLBarrier.pem -out %appdata%..\Local\Barrier\SSLBarrier.pem

<!-- gh-comment-id:2263093310 --> @dexter74 commented on GitHub (Aug 1, 2024): openssl req -x509 -nodes -days 365 -subj //CN=Barrier -newkey rsa:4096 -keyout %appdata%\..\Local\Barrier\SSLBarrier.pem -out %appdata%\..\Local\Barrier\SSLBarrier.pem
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
enhancement/builds/windows-multi-versions-build
martin-furter-barrier-term
enhancement/builds/macos-universal
enhancement/builds/macos-universal-qt6-test
2.3.x
fix/lang-translation/ssl-slash-tls
feature/build/compile/32-bit
feature/build/compile/armv7
testing-framework
README-update
remotes/fork/README-update
remotes/fork/smartzeroconf
smartzeroconf
pages-devel
remotes/fork/pages-devel
pkgconfig
remotes/fork/pkgconfig
release
remotes/fork/release
v2.4.0
v2.3.4
v2.3.3
1.11.0-stable
v1.11.0-rc2
v2.3.2
v1.10.3-stable
v2.3.2-alpha
v2.3.1
v2.3.0
v1.10.2-stable
v1.10.2-rc1
v1.10.2-rc2
v2.1.2
v2.0.8-beta
v2.0.7-beta
v2.0.4-beta
v2.0.3-beta
v2.1.1
v2.1.0
v1.9.1-stable
v2.0.0
v1.9.0-stable
v2.0.0-RC2
v2.0.0-RC1
v2.0.0-stable
v1.8.8-stable
v1.8.7-stable
v1.8.6-stable
v1.8.5-stable
v1.8.4-stable
v1.8.3-stable
v1.8.1-stable
v1.8.0-beta
v1.7.3-stable
v1.7.2-stable
v1.7.1-stable
1.7.0
1.6.3-final
1.6.2
1.6.1
1.6.0
Labels
Clear labels   
HiDPI

   
bounty

   
bsd/freebsd

   
bsd/openbsd

   
bug

   
bug

   
build-infra

   
cantfix

   
critical

   
doc

   
duplicate

   
enhancement

   
fix-available

   
from git

   
from release

   
good first issue

   
help wanted

   
installer/package

   
invalid

   
linux

   
macOS

   
meta

   
needs testing

   
pull-request

Mirrored from GitHub Pull Request

  
query

   
question

   
regression

   
regression

   
v2.4.0

   
windows

   
wontfix

   
work-in-progress
No labels
HiDPI
bounty
bsd/freebsd
bsd/openbsd
bug
bug
build-infra
cantfix
critical
doc
duplicate
enhancement
fix-available
from git
from release
good first issue
help wanted
installer/package
invalid
linux
macOS
meta
needs testing
pull-request
query
question
regression
regression
v2.4.0
windows
wontfix
work-in-progress
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/barrier#1069
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?