This article lists which keys and certificates are used with NoMachine 4 or later.
Administrators who may want to replace them with their own keys and certificates, should refer to the following guides:
for v. 6 - https://www.nomachine.com/DT03O00127
for v. 5 - https://www.nomachine.com/DT09M00103
for v. 4 - https://www.nomachine.com/DT04L00069
More information about the supported connections protocols and authentication methods are available here:
for v. 6 - https://www.nomachine.com/DT10O00150#2
for v. 5 - https://www.nomachine.com/DT07M00088#2
for v. 4 - https://www.nomachine.com/DT12I00037#2
List of keys and certificates used by NoMachine
1) The SSL CERTIFICATE FOR NXD (For connections by NX protocol)
nxd is the NoMachine Network Daemon necessary to connect through NX protocol. Its SSL certificate is made of:
2) The SSL CERTIFICATE FOR NXHTD (For connections by the web)
nxhtd is the NoMachine Web Server necessary for deploying sessions on the web. It's installed with each server type that supports web sessions.
Installation comes with a self-signed a SSL Certificate File and SSL Certificate Key file intended to be just a sample. They are, respectively:
Administrators have to replace the sample SSL Certificate File and Key File with their own certificate self-signed or acquired from a CA.
3) The RSA KEY PAIR FOR NXSSHD (For connections by SSH on Windows and NoMachine login)
nxsshd is the NoMachine SSH server installed on Windows by any of the enterprise packages.
The NoMachine client authenticates by SSH protocol and NoMachine login by using a DSA key and the user's system password.
RSA keys are:
4) The SSH KEY PAIR FOR SSHD ( For connections by SSH protocol and NoMachine login)
The NoMachine client authenticates by SSH protocol and NoMachine login by using a RSA key (or DSA key for versions previous than v. 5.1.22) and the user's system password.
5) The RSA KEY PAIR FOR THE REMOTE NODES
The server authenticates on the node with a RSA key pair (or DSA key for versions previous than v. 5.1.22).
This RSA key pair is generated during the installation and its server specific.
When adding the node to the server (by means of nxserver --nodeadd command), the public part of this key pair is automatically added to the remote node:
- if server-node protocol is NX, the key is added to <installation directory>/nx/.nx/config/authorized.crt
- if server-node protocol is SSH, the key is addded to <installation directory>/nx/.ssh/authorized_keys2 and <installation directory>/nx/.ssh/default.id_dsa.pub
6) THE RSA KEYS FOR THE FAILOVER CLUSTER (For connections by SSH protocol)
The master server authenticates on the secondary server with a RSA key pair (or DSA key for versions previous than v. 5.1.22).
For v. 6 or newer:
7) The RSA key pair for NoMachine servers federated under a Cloud Server
NoMachine Cloud Server authenticates on any of the federated servers with a RSA key pair.
This key pair is made of: