Skip to content

docs: describe gateway and internal certs #7747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jun 1, 2023
Merged

docs: describe gateway and internal certs #7747

Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e7e53d4
docs: gateway & self-signed certs
ericpaulsen May 31, 2023
212bc4e
docs: update trust store locations
ericpaulsen May 31, 2023
080b206
Merge remote-tracking branch 'origin/main' into gateway-cert-docs
ammario Jun 1, 2023
2211353
toolbox paths
ericpaulsen Jun 1, 2023
69b8deb
fix: windows cacerts location
ericpaulsen Jun 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 41 additions & 0 deletions docs/ides/gateway.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,3 +74,44 @@ explaining this IDE specification.
![Gateway IDE Opened](../images/gateway/gateway-intellij-opened.png)

> Note the JetBrains IDE is remotely installed into `~/.cache/JetBrains/RemoteDev/dist`

## Configuring Gateway to use self-signed certificates

When attempting to connect to a Coder deployment that uses self-signed certificates,
you may receive the following error in Gateway:

```console
Failed to configure connection to https://coder.internal.enterprise/: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

To resolve this issue, you will need to add Coder's certificate to the Java trust store
present on your local machine. Here is the default location of the trust store for
each OS:

```console
# Linux
$JAVA_HOME/lib/security/cacerts
<Gateway installation directory>/etc/pki/java/cacerts
<Gateway installation directory>/etc/ssl/certs/java/cacerts

# macOS
$<Gateway installation directory>/lib/security/cacerts
$<Gateway installation directory>/jre/lib/security/cacerts

# Windows
C:\Program Files (x86)\<Gateway installation directory>\jre<version>\lib\security\cacerts
Copy link
Member

@matifali matifali Jun 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If using JetBrains Toolbox, the path is,
%USERPROFILE%\AppData\Local\JetBrains\Toolbox\bin\jre\lib\security\cacerts

```

To add the certificate to the keystore, you can use the `keytool` utility that ships
with Java:

```console
keytool -import -alias coder -file <certificate> -keystore /path/to/trust/store
```

On Windows, you can use `keytool` that ships with the JetBrains Gateway installation.
For example:

```powershell
& 'C:\Program Files\JetBrains\JetBrains Gateway <version>/jbr/bin/keytool.exe' 'C:\Program Files\JetBrains\JetBrains Gateway <version>/jbr/lib/security/cacerts' -import -alias coder -file <cert>
Copy link
Member

@matifali matifali Jun 1, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

similarly

& '%USERPROFILE%\AppData\Local\JetBrains\Toolbox\apps\Gateway\ch-0\<VERSION>\jbr\bin\keytool.exe' '%USERPROFILE%\AppData\Local\JetBrains\Toolbox\bin\jre\lib\security\cacerts' -import -alias coder -file <cert>

```