Custom Root Certificates

Administrators may wish to install custom root certificates inside a Kasm Image so that users can access organization resources that have certificates singed by an internal CA, or to utilize transparent proxies to inspect traffic and enforce policies.

In order to install a custom root cert inside an Image, the Administrator must build a Custom Image. Administrators should first review Building Custom Images documentation to familiarize themselves with the process.

Building the Custom Image

The following steps may be used to install a custom root certificate. The steps make use of our open source Git repository that contains the example Dockerfiles and scripts. Firefox is used in the example but the same steps will apply for the other provided images. For simplicity, the steps assume the Image is being built on a Single Server Kasm deployment. If using a multi-server/distributed deployment these steps can be performed from a seperate machine and the Image pushed to a registry. See Building Custom Images for more details.

  • SSH to the Kasm Workspaces server and clone the example Git repository that has examples of for creating custom images.

    git clone
    cd workspaces-images
  • Place your certificate in the following directory, overwriting the placeholder file that is currently there ./src/ubuntu/install/certificates/ca.crt ( ensure it is named ca.crt)

  • Edit dockerfile-kasm-firefox and uncomment the following lines – ( Remove the “#” characters ). This will :

    # Install Custom Certificate Authority
    # COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
    # RUN bash $INST_SCRIPTS/certificates/ && rm -rf $INST_SCRIPTS/certificates/
    # Install Custom Certificate Authority
    COPY ./src/ubuntu/install/certificates $INST_SCRIPTS/certificates/
    RUN bash $INST_SCRIPTS/certificates/ && rm -rf $INST_SCRIPTS/certificates/
  • Build the image.

    sudo docker build -t firefox:custom -f dockerfile-kasm-firefox .
  • Login to the Kasm UI as an administrator, and create a new Workspaces that references the new Docker image. See Building Custom Images. for details.