[
https://issues.apache.org/jira/browse/GUACAMOLE-1375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Jumper closed GUACAMOLE-1375.
----------------------------------
Resolution: Invalid
> GUACD Docker Image - Can not run update-ca-certificates successfully
> ---------------------------------------------------------------------
>
> Key: GUACAMOLE-1375
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1375
> Project: Guacamole
> Issue Type: Improvement
> Components: guacd-docker
> Affects Versions: 1.3.0
> Environment: Docker
> Reporter: Nicolas Köhl
> Priority: Minor
> Labels: Certificate
>
> When running GUACD-Docker image, in order to inject private CA certificates
> into the certificate store, one is supposed to run update-ca-certificates in
> order to rebuild the ca_certificates.crt file in /etc/ssl/certs folder to
> include the additional CAs. I was able to place the 3 root certificates via
> a bind mount into /usr/local/share/ca-certificates. When I run
> *update-ca-certificates* as a command in the docker container at
> _entrypoint_, it fails due to a permissions limitation.
> The error message shown is that the command does not have permission to
> create the symbolic link in the folder /etc/ssl/certs and the docker image
> will fail to deploy.
> ln: failed to create symbolic link '/etc/ssl/certs/xxxxxxxx.pem': Permission
> denied
> The guacd-docker image runs under user guacd and not root, so even if
> I exec into the container I can't run it manually either. I realize this is a
> good security measure but I'm wondering how to do this properly?
> I'm hoping that guacd reads /etc/ssl/certs/ca_certificates.crt to
> authenticate RDP connections, but I won't be able to RDP and verify any
> certificate based off my private PKI infrastructure until I can add trusted
> roots to that store.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)