Fresh Barrier Install Shows is:openERROR: ssl certificate doesn't exist: /home/thomas/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem

[TafThorne]

Operating Systems

Server: Ubuntu 18.04

Client: Microsfot Windows 10 Version 1803 (OS Build 17134.523)

Barrier Version

Server: 2.2.0-snapshot-53ebc47a

Client: 2.1.0-RELEASE-0b2dfd80

Steps to reproduce bug

1. Go to https://github.com/debauchee/barrier/wiki to Download and install the Windows binary.
2. Go to https://github.com/debauchee/barrier/releases to install the latest release, which for Ubuntu is a Flatpak
3. Start the client on the Windows machine, set to client mode and give server IP address.
4. Start the server on the Ubuntu machine with flatpak run com.github.debauchee.barrier
5. Click the "Configure Sever..." button and enter the client details.
6. Start Barrier
7. Observe errors in the Barrier > Show Log

[2019-01-18T11:41:57] INFO: OpenSSL 1.1.1  11 Sep 2018
[2019-01-18T11:41:57] ERROR: ssl certificate doesn't exist: /home/thomas/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem
[2019-01-18T11:42:13] INFO: OpenSSL 1.1.1  11 Sep 2018
[2019-01-18T11:42:13] ERROR: ssl certificate doesn't exist: /home/thomas/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem
[2019-01-18T11:42:29] INFO: OpenSSL 1.1.1  11 Sep 2018

Other info

• When did the problem start to occur? On a fresh install of what I (probaby mistakenly) thought was the latest releases.
• Is there a way to work around it? IDK, probably trying to get the same version on both ends?
• Does this bug prevent you from using Barrier entirely? Yes

[TafThorne]

I can confirm that the file does not exist:

$ ls ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/
$ locate Barrier.pem

[TafThorne]

I thought this could be similar to #142 but allowing barrier.exe and barriers.exe through the firewall did not change the message in the logs.

#'171 also looked related but I cannot work out where the Barrier.pem shown there comes from. Following the supplied link did not really change anything.

I can at least confirm this is related to having the SSL config enabled. With that disabled I am able to get the client and server to work together.

[AdrianKoshka]

That's interesting, I'm a daily user of the flatpak and barrier managed to generate an SSL certificate for me just fine.

alc@am1m-s2h ~ % ls -l .var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem 
-rw-rw-r--. 1 alc alc 1649 May 21  2018 .var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem

[Ch4ni]

As a workaround, I used the synergy instructions from this page: https://wiki.archlinux.org/index.php/synergy#Set_up_encryption_on_server

TL;DR:

mkdir -p ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Fingerprints
openssl req -x509 -nodes -days 365 -subj /CN=Barrier-newkey rsa:4096-keyout ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem -out ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem
openssl x509 -fingerprint -sha2 -noout -in ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem > ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Fingerprints/Local.txt

Then enable encryption from the settings on both the client and server, restart both, and accept the new server certificate from your client ... should be good to go from there.

Edit:
change keylength from 1024 to 4096
change -sha1 to -sha2

[AdrianKoshka]

I'll leave this issue open just in case someone else also has this issue. Also you might want to bump that key-length from 1024 to 4096, and use sha2 instead of sha1.

[Ch4ni]

fair point. I usually use the 4K keys ... I just got lazy this time around and copy/pasted. Comment updated with @AdrianKoshka 's suggestions.

Edit: punctuation.

[TafThorne]

When I run the openssl req command I get an error message:

$ openssl req -x509 -nodes -days 365 -subj /CN=Barrier-newkey rsa:4096-keyout ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem -out ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem
req: Use -help for summary.

It looks like you have lost a couple of spaces from the command. The following works:

$ openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem -out ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem
Generating a 4096 bit RSA private key
......................................................................................................................................................++
.......................................................................................................................................................................++
writing new private key to '/home/thomas/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem'
-----

The openssl x509 command then also fails.

$ openssl x509 -fingerprint -sha2 -noout -in ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem > ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Fingerprints/Local.txt
x509: Unknown digest sha2
x509: Use -help for summary.

I believe that the workaround advice should be updated to:

mkdir -p ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Fingerprints
openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem -out ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem
openssl x509 -fingerprint -sha1 -noout -in ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Barrier.pem > ~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/Fingerprints/Local.txt

At least in my case.

[TafThorne]

Now does the absence of sha2 support explain the cause of my issue? If whatever is expected to automatically generate the keys is trying to use sha2 and silently failing.

I have version 1.1.0g of OpenSSL.

$ openssl version
OpenSSL 1.1.0g  2 Nov 2017

What version is expected to have the sha2 support? It seems that I can use either -sha256 or -sha512 in the command line without getting an error.

[TafThorne]

I am pleased to report that with the workaround in place (using sha512 in this case) I have been able to connect the Windows client to the flatpak version of barrier.

Thank you for your help in getting me up and running. Please let me know if there is anything more I can do to help find the cause of the issue and possible solution.

[julius59]

Same setup and same behaviour as in the bug description here.

[nedart]

I had this same issue. Both client and server were version 2.2.0-snapshot-53ebc47a. Using the commands in the post by @TafThorne did the trick.

[tassosblackg]

I had the same issue, it worked for me too!

[hatzkel]

This just crept up on me out of the blue after this past update. Had to follow the instructions above as well.

[obasilakis]

Hey, I tried @TafThorne 's commands and I'm getting this:

[2019-06-15T17:20:12] INFO: OpenSSL 1.1.1b 26 Feb 2019
[2019-06-15T17:20:12] ERROR: could not use ssl certificate
[2019-06-15T17:20:12] ERROR: error:0909006C:PEM routines:get_name:no start line

anyone knows what's the issue?

[hifi]

Not trying to sound rude but why this hasn't been fixed in the official Flatpak build as it seems to affect all new installs, including me today and is a real barrier to entry for new users?

[AdrianKoshka]

So, as was probably obvious, the openssl command-line tools aren't shipped, which prevents the certificate from being generated, I'm working on fixing this finally. I'm sorry.

[AdrianKoshka]

Truly sorry this was an issue for so long, it really shouldn't have been. After work it can be hard to find the energy to work on OSS.

[hifi]

Indeed, thank you for fixing the issue.

My point was that the Flatpak package is likely one of the main channels to install Barrier and since it was effectively broken for all new users it was a bit frustrating to find the issue had been open for so long.

[AdrianKoshka]

Fixed for me on a personal machine at work, before I had no cert.

[AdrianKoshka]

openssl is shipped with barriers flatpak, and I believe this has been fixed.

[fbidu]

Hey people, I just ran into this issue on a fresh install using snapd on fedora!

mkdir -p /home/fbidu/snap/barrier-kvm/2/.local/share/barrier/SSL/ 
cd /home/fbidu/snap/barrier-kvm/2/.local/share/barrier/
openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem

Worked for me!

[4F2E4A2E]

This is how I've got it running on Windows:

• Install git for windows
• cd into 'C:\Users\<user>\AppData\Local\Barrier\SSL\'
• run in the cmd openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
• restart barrier

[cfarvidson]

I had the exact same issue on macOS Monterey (12.0.1) today.

Solved it by running the openssl command described in @4F2E4A2E post.

• cd into /Users/<user>/Library/Application Support/barrier/SSL
• run in the cmd openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
• restart barrier

[shymega]

This should be opened again, as it appears to be an ongoing issue with Barrier. Reopening.

[zacharyy04]

I worked for me when I disabled ssl certificate in both devices
I also used custom server configuration and the client as my client pc name

[ph818]

Reporting in, I installed Openssl for Win64 (https://slproweb.com/products/Win32OpenSSL.html) and used it to create the .pem keys. This resolved the SSL error in the log, and let me connect.

[mroxso]

This is how I've got it running on Windows:

• Install git for windows
• cd into 'C:\Users\<user>\AppData\Local\Barrier\SSL\'
• run in the cmd openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
• restart barrier

this also works on mac os 13

[bagundes]

I disabled the "enabled ssl" option in settings and it's working fine.

[dezerving]

Try quoting the argument "/CN=Barrier", i.e.:

openssl req -x509 -nodes -days 365 -subj "/CN=Barrier" -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem

Quoting didn't work for me for some reason but just adding another slash in front of /CN to make it //CN worked. Go figure.

[rleyvasal]

Found same issue on Kubuntu 22.10 . App interface said "Barrier is running" but nothing was happening.

Setup:
Kubuntu 22.10 Server
Windows 10 client

I went to the menu Barrier > Show Log and found the the error mentioned in title of this post.

Note: Barrier was Installed from Kubuntu store .

The following from #231 (comment) fixed it and is working great!

### Ubuntu 22 Apt
BARRIER_SSL_PATH=~/.local/share/barrier/SSL/

mkdir -p "${BARRIER_SSL_PATH}"
openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout ${BARRIER_SSL_PATH}/Barrier.pem -out ${BARRIER_SSL_PATH}/Barrier.pem

[raspberrypieman]

jhgorse - Thank-you for your "Summary of Resolutions".
I have a Windows/10 system running barrier as server and to the left a Raspberry Pi400 running Debian Linux with barrier as client and to the right an Acer desktop running Linux Mint Cinnamon with barrier as client.
The Raspberry Pi400 worked a treat, but I could not get the Acer Mint to work. When I found no "Barrier.pem" file, I found this issue on github.
I set my BARRIER_SSL_PATH as follows:
BARRIER_SSL_PATH=~/.var/app/com.github.debauchee.barrier/data/barrier/SSL/
and ran the openssl command, restarted barrier on both server and client and it all worked fine.
Thanks again for solving this irritating issue.

[ITESaurabh]

on windows mingw/git bash, /CN=Barrier was giving me trouble.
so here's my quick solution without much tinkering.
MSYS_NO_PATHCONV=1 openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem

[flamecopper]

I had the exact same issue on macOS Monterey (12.0.1) today.

Solved it by running the openssl command described in @4F2E4A2E post.

• cd into /Users/<user>/Library/Application Support/barrier/SSL
• run in the cmd openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
• restart barrier

Thanks, this is working for me.
I just have to restart barrier for it to work as expected.

[tonymynd]

This is how I've got it running on Windows:

• Install git for windows
• cd into 'C:\Users\<user>\AppData\Local\Barrier\SSL\'
• run in the cmd openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
• restart barrier

It worked for me, controlling Acer One KAV60 with Debian i386 11 from Samsung laptop with Windows 10 TLS

[Cimbali]

Same issue with v2.4.0 (and working solution) on both linux (opensuse) and windows.

[dvolosnykh]

Same issue with v2.4.0-release-3e0d758b on macOS Ventura 13.1 (22C65).

The client's environment:

$ lsb_release -d
Description:	Ubuntu 20.04.4 LTS
$ apt-cache show barrier | grep -w Version
Version: 2.3.2+dfsg-1build1

The initial issues was resolved with commands from @jhgorse's comment by running them on the server side, yet the value of BARRIER_SSL_PATH environment variable was fixed and quoted:

BARRIER_SSL_PATH="$HOME/Library/Application Support/barrier/SSL"
mkdir -p "${BARRIER_SSL_PATH}"
openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout "${BARRIER_SSL_PATH}/Barrier.pem" -out "${BARRIER_SSL_PATH}/Barrier.pem"

---

In case, you face the below error on the server side, check if the client has Enable SSL option turned on:

[2023-01-30T17:40:55] ERROR: ssl error occurred (generic failure)
[2023-01-30T17:40:55] ERROR: error:0A000126:SSL routines::unexpected eof while reading
[2023-01-30T17:40:55] ERROR: failed to accept secure socket
[2023-01-30T17:40:55] INFO: client connection may not be secure
[2023-01-30T17:40:56] INFO: OpenSSL 3.0.0 7 sep 2021

This is what the client says during this attempt to connect:

[2023-01-30T17:40:56] NOTE: connecting to '192.168.1.123': 192.168.1.123:24800
[2023-01-30T17:40:55] WARNING: failed to connect to server: Timed out

The server port was verified to be open by the following command on the client side:

$ nc -vzw3 192.168.1.123 24800
Connection to 192.168.1.123 24800 port [tcp/*] succeeded!

[mutech]

So since 4 years, every new user has to walk this walk and the original purpose of forking synergy was to make it easier for users to have kvm?

In the logs, I see:

ERROR: ssl certificate doesn't exist: /home/mu/snap/barrier/682/.local/share/barrier/SSL/Barrier.pem

I installed the snap, because barrier didn't work using the apt packages. On one installation (both Ubuntu 22.04), I got an error or warning message that didn't fail the installation. So I first ignored it and then deinstalled the package, because these two Ubuntus are new and virtually identical and I really don't trust a package that doesn't work and throws random error messages that are ignored.

Seeing this error message, am I supposed as a good user to manually create a certificate and copy it into a snap directory? I find the whole concept of isolated environments with side effects and dependency free packages with dependencies rather suspect. Having an app not use ~/.local' and then store data that is not considered ephemeral in a snap directory in .local` that probably gets thrown away is just as bipolar disordered.

The apt package does not work, the snap does not work, the homebrew installation on mac does not work.

I assume that if 3 out of 3 installation methods don´t work, the others I didn't try won't work either. I wonder why one would spend a lot of time writing software, packaging it up, create new versions and then not fix a bug that keeps users from ever seeing the thing in action, unless they are really determined.

The year is still young, but still, this is my top contender in 2023 for software I tried and will never touch again.

[Cimbali]

I find the whole concept of isolated environments with side effects and dependency free packages with dependencies rather suspect.

snaps just don’t make a lot of sense overall.

I assume that if 3 out of 3 installation methods don´t work, the others I didn't try won't work either. I wonder why one would spend a lot of time writing software, packaging it up, create new versions and then not fix a bug that keeps users from ever seeing the thing in action, unless they are really determined.

Fixing bugs isn’t easy and takes time. Also it seems active maintainers of this project have left to create and maintain a different fork, input-leap, so it’s unlikely the fix will ever land in barrier.

[mutech]

Fixing bugs isn’t easy and takes time. Also it seems active maintainers of this project have left to create and maintain a different fork, input-leap, so it’s unlikely the fix will ever land in barrier.

Thanks for the pointer! I will try that. Funny that one of the comments in alternative-to was ¨it's maintained¨. The connotation of input leap is certainly better than that of barrier anyway... ;-)

[stefan-muc]

ERROR: error:0909006C:PEM routines:get_name:no start line

For Windows the openssl command line has to be this:

MSYS_NO_PATHCONV=1 openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem

Otherwise the underlying libraries (coming from mingw) are trying to be smart and convert arguments that look like paths (as the / in argument) to actual paths.
See git-for-windows/git#577 (comment) for details

[resuna]

Would it be possible to cut a new release with this fix? 2.4.0 is from 2021, and there are no releases yet for input-leap.

(Both Mac and Windows, no Flatpaks or Snaps or other file system shenanigans involved)

[Jan02]

same issue on windows, the certificates were never generated.
Version: 2.4.0-release-3e0d758b
Build Date: Monday, 1, 2021

[jhgorse]

It seems like there are at least a few commits on master past 2.4.0: https://github.com/debauchee/barrier/commits/master

These might be fixed there. Try the July 6 2022 build available on Azure pipelines:
https://dev.azure.com/debauchee/Barrier/_build/results?buildId=782&view=results

Does it reproduce or fix the problem?

[renaner123]

This is how I've got it running on Windows:

* Install git for windows

* cd into `'C:\Users\<user>\AppData\Local\Barrier\SSL\'`

* run in the cmd `openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem`

* restart barrier

Also worked for me, thanks

Server: Windows 10 (19045.3086)
Client: Ubuntu 22.04 LTS
Barrier: 2.4.0

[zippydan]

This doesn't seem like the best place to put a tutorial, but since everyone else is offering up what worked for them, I figured I might as well document what worked for me somewhere, especially since I assume many people googling their problems and errors will eventually end up here, as I did.

Objective: Trying to connect macOS (Big Sur) client to Windows 10 Pro (22H2) server; both are brand new installs.

Symptoms:

• Windows client shows as "running" but SSL fingerprint is disabled. Log shows SSL certificate doesn't exist at specific path.
• macOS client shows as "starting" but SSL fingerprint is disabled. Log shows SSL certificate doesn't exist at specific path.
  (You can easily view the log via the Barrier app's menu.)

Step 1: Fix macOS client.

I followed instructions here: https://stackoverflow.com/questions/67343804/error-ssl-certificate-doesnt-exist-home-rsvay-snap-barrier-kvm-2-local-shar

However, I had to slightly edit the last line, which was formatted for Linux, as opposed to macOS which is BSD-based. Also, the directory shown below that you change to should match the specific path referenced above and showing in Barrier's log for the location of the missing SSL certificate.

cd "/Users/$USER/Library/Application Support/barrier/SSL/"
mkdir -p Fingerprints
openssl req -x509 -nodes -days 365 -subj /CN=barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
openssl x509 -fingerprint -sha256 -noout -in Barrier.pem > Fingerprints/Local.txt
sed -i '' -e "s/.*=/v2:sha256:/" Fingerprints/Local.txt

After this, you must completely close and restart the Barrier app so that it will find and load the SSL Fingerprint correctly.

Following this, Barrier still showed as "starting" only, and the log still showed several errors:

SSL error occurred (generic failure)
unexpected eof while reading
failed to connect to secure socket

Perhaps I should have fixed the server first, to avoid these errors. Either way, the client is ready now, so on to the server.

Step 2: Fix the Windows server.

Following @4F2E4A2E instructions, I used chocolatey to install git (choco install git), then launched git-cmd.exe from C:\Program Files\Git\

Then I issued the following commands:

cd %USERPROFILE%\AppData\Local\Barrier\SSL
"C:\Program Files\Git\mingw64\bin\openssl" req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem

Alternatively, this should also work:

cd \Program Files\Git\mingw64\bin\openssl
openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout %USERPROFILE%\AppData\Local\Barrier\SSL\Barrier.pem -out %USERPROFILE%\AppData\Local\Barrier\SSL\Barrier.pem

Alternatvely, you could just create the Barrier.pem file anywhere using the openssl command above and then manually copy it into the %USERPROFILE%\AppData\Local\Barrier\SSL directory.

With the required SSL certificate created, you must then completely close Barrier (double-check the system tray) and restart it again. Now the required SSL Fingerprint should show up in the application!

Step 3: Connect the client and server.

If the app is now "running" on both devices, you should see a window pop up on the macOS client asking you to accept the SSL fingerprint from the server. (If you don't see this then maybe check your network and firewall?)

But after accepting the server's SSL certificate on the client, I still wasn't connected and was still getting errors in the macOS client log, namely:

failed to connect to server: server refused client with our name

To fix this final obstacle, on the Windows server side you need to click on the Configure Server button, then drag a "blank" blue computer monitor onto the grid (and release), and finally double-click on the new monitor you should see newly-created named "Unnamed".

In the new window, change the Screen name to match the macOS client computer name exactly. Then click OK twice, then click the Reload button, and now DOUBLE and TRIPLE FINALLY (assuming the app is still "running" on both computers) the two computers should successfully connect!

This is why people pay for software instead of using open-source stuff. It seems to be working great now, though.

Thanks for your help and your time!

[jhgorse]

The last pipline build resolved the issue for me on macOS 13.5.1 using the macOS 11 released dmg:
https://dev.azure.com/debauchee/169cf39a-492c-408a-aacd-827752119933/_apis/build/builds/782/artifacts?artifactName=Mac%20Release%20Disk%20Image%20and%20App%20macOS-11&api-version=7.1&%24format=zip

Auto connection with Windows Server "just worked." No fussing. macOS was fresh without having used barrier before.

If the direct download link above does not work, use this link, click the ... on the right, download artifacts.
https://dev.azure.com/debauchee/Barrier/_build/results?buildId=782&view=artifacts&pathAsName=false&type=publishedArtifacts

Cheers,
Joe

[shahidkhaliq]

Found same issue on Kubuntu 22.10 . App interface said "Barrier is running" but nothing was happening.

Setup: Kubuntu 22.10 Server Windows 10 client

I went to the menu Barrier > Show Log and found the the error mentioned in title of this post.

Note: Barrier was Installed from Kubuntu store .

The following from #231 (comment) fixed it and is working great!

### Ubuntu 22 Apt
BARRIER_SSL_PATH=~/.local/share/barrier/SSL/

mkdir -p "${BARRIER_SSL_PATH}"
openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout ${BARRIER_SSL_PATH}/Barrier.pem -out ${BARRIER_SSL_PATH}/Barrier.pem

This fixed it for me. Server running on Ubuntu, ran the commands above. Client running on Mac OS, accepted the fingerprint. It's working perfectly now!

[jhgorse]

Updated Summary of Resolutions for space in path issue: #231 (comment)

[ww12th]

This doesn't seem like the best place to put a tutorial, but since everyone else is offering up what worked for them, I figured I might as well document what worked for me somewhere, especially since I assume many people googling their problems and errors will eventually end up here, as I did.

Objective: Trying to connect macOS (Big Sur) client to Windows 10 Pro (22H2) server; both are brand new installs.

Symptoms:

• Windows client shows as "running" but SSL fingerprint is disabled. Log shows SSL certificate doesn't exist at specific path.
• macOS client shows as "starting" but SSL fingerprint is disabled. Log shows SSL certificate doesn't exist at specific path.
  (You can easily view the log via the Barrier app's menu.)

Step 1: Fix macOS client.

I followed instructions here: https://stackoverflow.com/questions/67343804/error-ssl-certificate-doesnt-exist-home-rsvay-snap-barrier-kvm-2-local-shar

However, I had to slightly edit the last line, which was formatted for Linux, as opposed to macOS which is BSD-based. Also, the directory shown below that you change to should match the specific path referenced above and showing in Barrier's log for the location of the missing SSL certificate.

cd "/Users/$USER/Library/Application Support/barrier/SSL/"
mkdir -p Fingerprints
openssl req -x509 -nodes -days 365 -subj /CN=barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem
openssl x509 -fingerprint -sha256 -noout -in Barrier.pem > Fingerprints/Local.txt
sed -i '' -e "s/.*=/v2:sha256:/" Fingerprints/Local.txt

After this, you must completely close and restart the Barrier app so that it will find and load the SSL Fingerprint correctly.

Following this, Barrier still showed as "starting" only, and the log still showed several errors:

SSL error occurred (generic failure) unexpected eof while reading failed to connect to secure socket

Perhaps I should have fixed the server first, to avoid these errors. Either way, the client is ready now, so on to the server.

Step 2: Fix the Windows server.

Following @4F2E4A2E instructions, I used chocolatey to install git (choco install git), then launched git-cmd.exe from C:\Program Files\Git\

Then I issued the following commands:

cd %USERPROFILE%\AppData\Local\Barrier\SSL
"C:\Program Files\Git\mingw64\bin\openssl" req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout Barrier.pem -out Barrier.pem

Alternatively, this should also work:

cd \Program Files\Git\mingw64\bin\openssl
openssl req -x509 -nodes -days 365 -subj /CN=Barrier -newkey rsa:4096 -keyout %USERPROFILE%\AppData\Local\Barrier\SSL\Barrier.pem -out %USERPROFILE%\AppData\Local\Barrier\SSL\Barrier.pem

Alternatvely, you could just create the Barrier.pem file anywhere using the openssl command above and then manually copy it into the %USERPROFILE%\AppData\Local\Barrier\SSL directory.

With the required SSL certificate created, you must then completely close Barrier (double-check the system tray) and restart it again. Now the required SSL Fingerprint should show up in the application!

Step 3: Connect the client and server.

If the app is now "running" on both devices, you should see a window pop up on the macOS client asking you to accept the SSL fingerprint from the server. (If you don't see this then maybe check your network and firewall?)

But after accepting the server's SSL certificate on the client, I still wasn't connected and was still getting errors in the macOS client log, namely:

failed to connect to server: server refused client with our name

To fix this final obstacle, on the Windows server side you need to click on the Configure Server button, then drag a "blank" blue computer monitor onto the grid (and release), and finally double-click on the new monitor you should see newly-created named "Unnamed".

In the new window, change the Screen name to match the macOS client computer name exactly. Then click OK twice, then click the Reload button, and now DOUBLE and TRIPLE FINALLY (assuming the app is still "running" on both computers) the two computers should successfully connect!

This is why people pay for software instead of using open-source stuff. It seems to be working great now, though.

Thanks for your help and your time!

Thank you so much ! This helped. I had to sign up Github to thank you. Thank you! I hope this is the right place to comment. lol :)

[bimal69]

Both server and client is running but on client computer mouse pointer is not showing even though log says it is connected and clip board is updated as well
[2024-03-16T13:26:45] INFO: entering screen
[2024-03-16T13:26:45] INFO: leaving screen
(This is from the log of client computer)
Ubuntu 22.04.4 LTS is my client.
And windows 10 is my server.
SSL is disable in both computer.