Custom Root Certificates¶
Administrators may wish to install custom root certificates inside a Kasm Image so that users can access organization resources that have certificates singed by an internal CA, or to utilize transparent proxies to inspect traffic and enforce policies.
In order to install a custom root cert inside an Image, the Administrator must build a Custom Image. Administrators should first review Building Custom Images documentation to familiarize themselves with the process.
Building the Custom Image¶
The following steps may be used to install a custom root certificate. The steps make use of our open source Git repository that contains the example Dockerfiles and scripts. Firefox is used in the example but the same steps will apply for the other provided images. For simplicity, the steps assume the Image is being built on a Single Server Kasm deployment. If using a multi-server/distributed deployment these steps can be performed from a seperate machine and the Image pushed to a registry. See Building Custom Images for more details.
SSH to the Kasm Workspaces server and clone the example Git repository that has examples of for creating custom images.
git clone https://github.com/kasmtech/workspaces-images cd workspaces-images
Place your certificate in the following directory, overwriting the placeholder file that is currently there
./src/ubuntu/install/certificates/ca.crt
( ensure it is named ca.crt)Edit
dockerfile-kasm-firefox
and uncomment the following lines – ( Remove the “#” characters ). This will :... # Install Custom Certificate Authority # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ # RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ...
... # Install Custom Certificate Authority COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/ RUN bash $INST_SCRIPTS/certificates/install_ca_cert.sh && rm -rf $INST_SCRIPTS/certificates/ ...
Build the image.
sudo docker build -t firefox:custom -f dockerfile-kasm-firefox .
Login to the Kasm UI as an administrator, and register the Image. See Building Custom Images. for details.