docs: describe gateway and internal certs #7747

Merged 5 commits on Jun 1, 2023

ericpaulsen
Member

This PR documents steps for configuring JetBrains Gateway to connect to a Coder deployment with self-signed certificates.

@ericpaulsen ericpaulsen added the docs Area: coder.com/docs label May 31, 2023
@ericpaulsen ericpaulsen requested review from bpmct and code-asher May 31, 2023 20:00
@ericpaulsen ericpaulsen self-assigned this May 31, 2023
Member

@bpmct bpmct left a comment

Thanks for doing this, this will be huge since a ton of our users use custom CAs or self-signed certificates. Are these steps necessary if the user's operating system trusts the CA?

@code-asher - Can you think of any UX enhancements around this in the plugin itself or ways we could point users to this doc when they run into an error? No need to do this now, but would be awesome to represent as an issue in coder/jetbrains-coder

@ericpaulsen
Member Author

> Are these steps necessary if the user's operating system trusts the CA?

I believe so, as this error has been returned when the client trusts the CA. To that point, users are able to run curl and coder login against the endpoint with no issue.

@ammario ammario changed the title docs: gateway & self-signed certs docs: describe gateway & self-signed certs May 31, 2023
Member

@code-asher code-asher left a comment

Nice!

> Are these steps necessary if the user's operating system trusts the CA?

Just confirming Eric's response that this does appear to be the case. It looks like JetBrains is shipping their own CA certs via the trust store so nothing you do to the operating system has any effect which...is interesting, but maybe there is a part of this we are not understanding.

> UX enhancements

Good idea! Opened coder/jetbrains-coder#251

@ammario ammario changed the title docs: describe gateway & self-signed certs docs: describe gateway and self-signed certs May 31, 2023
@bpmct
Member

bpmct commented May 31, 2023

> > Are these steps necessary if the user's operating system trusts the CA?
>
> I believe so, as this error has been returned when the client trusts the CA. To that point, users are able to run curl and coder login against the endpoint with no issue.

Gotcha. In that case, I don't think self-signed certs is the right term. Perhaps "internally signed certificates"?

$<Gateway installation directory>/jre/lib/security/cacerts

# Windows
C:\Program Files (x86)\<Gateway installation directory>\jre<version>\lib\security\cacerts
Member

@matifali matifali Jun 1, 2023

If using JetBrains Toolbox, the path is,
%USERPROFILE%\AppData\Local\JetBrains\Toolbox\bin\jre\lib\security\cacerts

For example:

```powershell
& 'C:\Program Files\JetBrains\JetBrains Gateway <version>/jbr/bin/keytool.exe' 'C:\Program Files\JetBrains\JetBrains Gateway <version>/jbr/lib/security/cacerts' -import -alias coder -file <cert>
```
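
Review bot: in the PowerShell example the cacerts path is passed as a bare second argument right after keytool.exe, with no `-keystore` in front of it, so the command never names the store that `-import` should write to. Suggest `-import -alias coder -file <cert> -keystore '<path to cacerts>'`. The two quoted paths also mix `\` and `/`, and the example points at `jbr/lib/security/cacerts` under `C:\Program Files` while the Windows path listed just above is `C:\Program Files (x86)\...\jre<version>\lib\security\cacerts`; the doc should state which location applies.
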
Member

@matifali matifali Jun 1, 2023

similarly

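```powershell
# Same import, using the keytool and trust store installed by JetBrains Toolbox
& "$env:USERPROFILE\AppData\Local\JetBrains\Toolbox\apps\Gateway\ch-0\<VERSION>\jbr\bin\keytool.exe" -import -alias coder -file <cert> -keystore "$env:USERPROFILE\AppData\Local\JetBrains\Toolbox\bin\jre\lib\security\cacerts"
```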

@ericpaulsen ericpaulsen changed the title docs: describe gateway and self-signed certs docs: describe gateway and internal certs Jun 1, 2023
Member

@code-asher code-asher left a comment

Awesome, and thanks @matifali for the Toolbox paths!
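
An added example, not part of this PR or of Coder's docs: a PowerShell script for the import discussed in the thread that prints the certificate's SHA-256 fingerprint for comparison, skips the import if the alias already exists, and backs up the trust store first. The parameter names, the `coder` alias default and the `changeit` store password (the JDK default) are assumptions; pass the keytool.exe and cacerts paths quoted above.

```powershell
# Added example. Parameter names are illustrative; run from an elevated prompt
# if the trust store lives under Program Files.
param(
    [Parameter(Mandatory)] [string] $Keytool,    # Gateway's bundled keytool.exe
    [Parameter(Mandatory)] [string] $CaCerts,    # Gateway's bundled cacerts file
    [Parameter(Mandatory)] [string] $CertFile,   # internal CA certificate (PEM or DER)
    [string] $Alias     = 'coder',
    [string] $StorePass = 'changeit'             # assumption: JDK default store password
)

foreach ($path in $Keytool, $CaCerts, $CertFile) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { throw "Not found: $path" }
}

# Print subject and SHA-256 fingerprint so they can be compared with the values
# published by the CA's operator before the certificate becomes a trust anchor.
$full = (Resolve-Path -LiteralPath $CertFile).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($full)
$sha  = [System.Security.Cryptography.SHA256]::Create()
$fp   = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ':'
Write-Host "Subject : $($cert.Subject)"
Write-Host "Expires : $($cert.NotAfter.ToString('u'))"
Write-Host "SHA-256 : $fp"

# The thread is about trusting an internal CA; warn if the file is not a CA certificate.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning 'Certificate is not marked as a CA (basicConstraints CA:TRUE missing).'
}

# Skip the import if the alias is already in the store (keytool exits non-zero if absent).
& $Keytool -list -alias $Alias -keystore $CaCerts -storepass $StorePass | Out-Null
if ($LASTEXITCODE -eq 0) { Write-Host "Alias '$Alias' already present; nothing imported."; return }

# Keep a copy of the store so the change can be rolled back.
$backup = "$CaCerts.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
Copy-Item -LiteralPath $CaCerts -Destination $backup -ErrorAction Stop

# No -noprompt: keytool shows the certificate and asks for confirmation.
& $Keytool -importcert -trustcacerts -alias $Alias -file $full `
    -keystore $CaCerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed; original store saved as $backup" }
Write-Host "Imported '$Alias'; backup at $backup. Restart Gateway to load the updated store."
```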

@ericpaulsen ericpaulsen merged commit 4acf36b into main Jun 1, 2023
@ericpaulsen ericpaulsen deleted the gateway-cert-docs branch June 1, 2023 18:49
@github-actions github-actions bot locked and limited conversation to collaborators Jun 1, 2023