Rocketchat-desktop snap custom CA certificate

Is there a way to get the rocketchat-desktop snap to read the system CA certificates file or otherwise allow me to inject a custom CA cert so that my users don’t get a warning about our internally signed certificate?

From reading elsewhere here (search CA, https, self signed etc) I think the answer is to disable all https in Rocket and use nginx/apache on the same machine to handle it with a reverse proxy to localhost:3000 on Rocket.



Yeah… I’m not talking about the rocketchat-server … I’m talking about the rocketchat-desktop snap… since we’re using an internal CA … and even though we have the cert chain for everything added to the system cert store /etc/ssl/certs/ca-certificates.crt … the desktop snap still says it can’t validate the cert from our rocketchat-server …

Ah ok.

I need to check.

Leave it with.

1 Like

Ok, so this starts the hunt. This is more a snaps issue than a Rocket issue, but there is one potential issue I can foresee.

Snaps are extremely restrictive on permissions. They are not like a normal app/package.

So it can only see files in a very narrow area, and that will not include /etc

So the certs probably need to be somewhere in /var/snap/something to have a chance of being read.

We can see some generic snap questions on Rocket.Chat server here:

I’m not sure what variables can be set directly in the snap. You can find them with something like:

snap get rocketchat-electron

There are also environment variables too.

I have asked if anyone internally can answer this - I’ll get back when I hear.