Nicolas Köhl created GUACAMOLE-1375:
---------------------------------------

Summary: GUACD Docker Image - Can not run update-ca-certificates successfully
Key: GUACAMOLE-1375
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1375
Project: Guacamole
Issue Type: Improvement
Components: guacd-docker
Affects Versions: 1.3.0
Environment: Docker
Reporter: Nicolas Köhl

When running GUACD-Docker image, in order to inject private CA certificates into the certificate store, one is supposed to run update-ca-certificates in order to rebuild the ca_certificates.crt file in /etc/ssl/certs folder to include the additional CAs.

I was able to place the 3 root certificates via a bind mount into /usr/local/share/ca-certificates.

When I run *update-ca-certificates* as a command in the docker container at _entrypoint_, it fails due to a permissions limitation. The error message shown is that the command does not have permission to create the symbolic link in the folder /etc/ssl/certs and the docker image will fail to deploy.

    ln: failed to create symbolic link '/etc/ssl/certs/xxxxxxxx.pem': Permission denied

The guacd-docker image runs under user guacd and not root, so even if I exec into the container I can't run it manually either. I realize this is a good security measure but I'm wondering how to do this properly?

I'm hoping that guacd reads /etc/ssl/certs/ca_certificates.crt to authenticate RDP connections, but I won't be able to RDP and verify any certificate based off my private PKI infrastructure until I can add trusted roots to that store.

--
This message was sent by Atlassian Jira (v8.3.4#803005)
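
One way to rebuild the trust store without running the container as root is to do it at image build time in a derived image. This is an added example, not code from the reporter or the Guacamole project. The `private-ca/` build-context directory is an assumption, and whether guacd consults this store for RDP remains the open question in the report.

```dockerfile
# Added example: bake private root CAs into a derived guacd image.
# Root is needed only during the build; the running container stays
# unprivileged, so the security measure noted in the report is preserved.
FROM guacamole/guacd:1.3.0

# Build steps that write to /etc/ssl/certs need root.
USER root

# Assumption: ./private-ca/ in the build context holds the PEM-encoded root
# certificates. update-ca-certificates only picks up files ending in .crt.
COPY private-ca/*.crt /usr/local/share/ca-certificates/

# Make the certificates world-readable so the non-root runtime user can
# follow the symlinks, rebuild the store, then fail the build if any
# certificate was not linked into /etc/ssl/certs.
RUN chmod 0644 /usr/local/share/ca-certificates/*.crt \
 && update-ca-certificates \
 && for c in /usr/local/share/ca-certificates/*.crt; do \
        test -L "/etc/ssl/certs/$(basename "$c" .crt).pem" \
          || { echo "not linked into trust store: $c" >&2; exit 1; }; \
    done

# Drop back to the unprivileged user the report says the image runs as.
USER guacd
```

Only public root certificates belong in the image. Rebuild the derived image when a root is rotated instead of bind-mounting certificates and updating the store at entrypoint.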