From e7e53d4ddf4d94e860aeb17d680d31958929e48a Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 31 May 2023 19:58:17 +0000 Subject: [PATCH 1/4] docs: gateway & self-signed certs --- docs/ides/gateway.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/docs/ides/gateway.md b/docs/ides/gateway.md index a53ec01212faf..c3a3b8e8dbf96 100644 --- a/docs/ides/gateway.md +++ b/docs/ides/gateway.md 
@@ -74,3 +74,44 @@ explaining this IDE specification. ![Gateway IDE Opened](../images/gateway/gateway-intellij-opened.png) > Note the JetBrains IDE is remotely installed into `~/.cache/JetBrains/RemoteDev/dist` + +## Configuring Gateway to use self-signed certificates + +When attempting to connect to a Coder deployment that uses self-signed certificates, +you may receive the following error in Gateway: + +```console +Failed to configure connection to https://coder.internal.enterprise/: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target +``` + +To resolve this issue, you will need to add Coder's certificate to the Java trust store +present on your local machine. Here is the default location of the trust store for +each OS: + +```console +# Linux +$JAVA_HOME/lib/security/cacerts +/etc/pki/java/cacerts +/etc/ssl/certs/java/cacerts + +# macOS +$(/usr/libexec/java_home)/lib/security/cacerts +$(/usr/libexec/java_home)/jre/lib/security/cacerts + +# Windows +C:\Program Files (x86)\Java\jre\lib\security\cacerts +``` + +To add the certificate to the keystore, you can use the `keytool` utility that ships +with Java: + +```console +keytool -import -alias coder -file -keystore /path/to/trust/store +``` + +On Windows, you can use `keytool` that ships with the JetBrains Gateway installation. +For example: + +```powershell +& 'C:\Program Files\JetBrains\JetBrains Gateway /jbr/bin/keytool.exe' 'C:\Program Files\JetBrains\JetBrains Gateway /jbr/lib/security/cacerts' -import -alias coder -file +``` From 212bc4ecf88c52a4164481d9588a6e5555615756 Mon Sep 17 00:00:00 2001 From: Eric Date: Wed, 31 May 2023 21:17:03 +0000 Subject: [PATCH 2/4] docs: update trust store locations --- docs/ides/gateway.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/ides/gateway.md b/docs/ides/gateway.md index c3a3b8e8dbf96..d97283ecd44e1 100644 --- a/docs/ides/gateway.md 
+++ b/docs/ides/gateway.md @@ -91,15 +91,15 @@ each OS: ```console # Linux $JAVA_HOME/lib/security/cacerts -/etc/pki/java/cacerts -/etc/ssl/certs/java/cacerts +/etc/pki/java/cacerts +/etc/ssl/certs/java/cacerts # macOS -$(/usr/libexec/java_home)/lib/security/cacerts -$(/usr/libexec/java_home)/jre/lib/security/cacerts +$/lib/security/cacerts +$/jre/lib/security/cacerts # Windows -C:\Program Files (x86)\Java\jre\lib\security\cacerts +C:\Program Files (x86)\\jre\lib\security\cacerts ``` To add the certificate to the keystore, you can use the `keytool` utility that ships From 2211353d8f6cbf671768b044ea9383e9b688e683 Mon Sep 17 00:00:00 2001 From: Eric Date: Thu, 1 Jun 2023 16:44:04 +0000 Subject: [PATCH 3/4] toolbox paths --- docs/ides/gateway.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/ides/gateway.md b/docs/ides/gateway.md index d97283ecd44e1..f157fccc96592 100644 --- a/docs/ides/gateway.md +++ b/docs/ides/gateway.md @@ -75,9 +75,9 @@ explaining this IDE specification. > Note the JetBrains IDE is remotely installed into `~/.cache/JetBrains/RemoteDev/dist` -## Configuring Gateway to use self-signed certificates +## Configuring Gateway to use internal certificates -When attempting to connect to a Coder deployment that uses self-signed certificates, +When attempting to connect to a Coder deployment that uses internally signed certificates, you may receive the following error in Gateway: ```console 
@@ -90,16 +90,15 @@ each OS: ```console # Linux -$JAVA_HOME/lib/security/cacerts -/etc/pki/java/cacerts -/etc/ssl/certs/java/cacerts +/jbr/lib/security/cacerts # macOS -$/lib/security/cacerts -$/jre/lib/security/cacerts +/jbr/lib/security/cacerts +/Library/Application Support/JetBrains/Toolbox/apps/JetBrainsGateway/ch-0//JetBrains Gateway.app/Contents/jbr/Contents/Home/lib/security/cacerts # Path for Toolbox installation # Windows -C:\Program Files (x86)\\jre\lib\security\cacerts +C:\Program Files (x86)\\jre\lib\security\cacerts +%USERPROFILE%\AppData\Local\JetBrains\Toolbox\bin\jre\lib\security\cacerts # Path for Toolbox installation ``` To add the certificate to the keystore, you can use the `keytool` utility that ships @@ -114,4 +113,7 @@ For example: ```powershell & 'C:\Program Files\JetBrains\JetBrains Gateway /jbr/bin/keytool.exe' 'C:\Program Files\JetBrains\JetBrains Gateway /jbr/lib/security/cacerts' -import -alias coder -file + +# command for Toolbox installation +& '%USERPROFILE%\AppData\Local\JetBrains\Toolbox\apps\Gateway\ch-0\\jbr\bin\keytool.exe' '%USERPROFILE%\AppData\Local\JetBrains\Toolbox\bin\jre\lib\security\cacerts' -import -alias coder -file ``` From 69b8debf9bcc33e97000eaab7dac4315577aa7f9 Mon Sep 17 00:00:00 2001 From: Eric Date: Thu, 1 Jun 2023 18:41:08 +0000 Subject: [PATCH 4/4] fix: windows cacerts location --- docs/ides/gateway.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ides/gateway.md b/docs/ides/gateway.md index f157fccc96592..43d848331e00d 100644 --- a/docs/ides/gateway.md +++ b/docs/ides/gateway.md 
@@ -112,7 +112,7 @@ On Windows, you can use `keytool` that ships with the JetBrains Gateway installa For example: ```powershell -& 'C:\Program Files\JetBrains\JetBrains Gateway /jbr/bin/keytool.exe' 'C:\Program Files\JetBrains\JetBrains Gateway /jbr/lib/security/cacerts' -import -alias coder -file +& 'C:\Program Files\JetBrains\JetBrains Gateway /jbr/bin/keytool.exe' 'C:\Program Files\JetBrains\JetBrains Gateway /jre/lib/security/cacerts' -import -alias coder -file # command for Toolbox installation & '%USERPROFILE%\AppData\Local\JetBrains\Toolbox\apps\Gateway\ch-0\\jbr\bin\keytool.exe' '%USERPROFILE%\AppData\Local\JetBrains\Toolbox\bin\jre\lib\security\cacerts' -import -alias coder -file
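Review bot: In [PATCH 1/4], the generic command `keytool -import -alias coder -file -keystore /path/to/trust/store` has nothing after `-file`, so as written it cannot identify which certificate to import. Put the certificate path there, and if an angle-bracket placeholder was intended, write it so that it survives Markdown rendering. The Windows example in the same hunk passes the cacerts path as a bare argument with no `-keystore` in front of it, has a stray space before `/jbr`, and mixes `\` and `/` separators. It would also help readers if the text said whether "Coder's certificate" means the server certificate or the CA that issued it, noted that keytool prompts for the store password, and suggested checking the certificate's fingerprint against a trusted source before adding it to a trust store.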
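Review bot: In [PATCH 2/4], the macOS entries become `$/lib/security/cacerts` and `$/jre/lib/security/cacerts`, which are not usable paths as written, whereas the `$(/usr/libexec/java_home)` form they replace resolved in a shell. The Windows entry now has an empty path component in `C:\Program Files (x86)\\jre\lib\security\cacerts`. If a placeholder for the Java home or version was intended, spell it so that it is visible in the rendered page. The two `/etc/.../cacerts` lines are also removed and re-added with no visible difference; if that is a whitespace-only change, drop it from the patch or mention it in the commit message.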
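Review bot: In [PATCH 3/4], hunk `@@ -90,16 +90,15 @@`, the Linux entry and the first macOS entry are both `/jbr/lib/security/cacerts`, which reads as an absolute path from the filesystem root; the Gateway install directory prefix needs to be shown. The Windows list still starts with `C:\Program Files (x86)\\jre\lib\security\cacerts` although the section now describes the runtime bundled with Gateway, and the Toolbox store is given as `Toolbox\bin\jre\lib\security\cacerts` while the Toolbox keytool in the next hunk lives under `Toolbox\apps\Gateway\ch-0\\jbr\bin`. Please confirm which trust store the Gateway process actually loads, because importing into a store that runtime does not read leaves the PKIX error in place.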
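Review bot: In [PATCH 3/4], hunk `@@ -114,4 +113,7 @@`, the added Toolbox command uses `%USERPROFILE%` inside single-quoted strings in a `powershell` block; PowerShell does not expand cmd-style `%VAR%` references, so both paths are taken literally. Use `$env:USERPROFILE` inside a double-quoted string, or `Join-Path $env:USERPROFILE ...`. The new line also repeats the earlier problems: the store path is not preceded by `-keystore`, `-file` has no value, and `ch-0\\jbr` contains an empty path component.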
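Review bot: In [PATCH 4/4], the store argument changes from `/jbr/lib/security/cacerts` to `/jre/lib/security/cacerts` while `keytool.exe` on the same line is still taken from `/jbr/bin/`, and the commit message does not say why the two live under different runtime directories of one install. After this change the example's store path also matches neither Windows entry in the default-location list from the earlier hunk (`C:\Program Files (x86)\\jre\...` and the Toolbox path), so the list should be updated in the same patch to keep the documented location and the example consistent.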