Rocketchat-desktop snap custom CA certificate

Is there a way to get the rocketchat-desktop snap to read the system CA certificates file or otherwise allow me to inject a custom CA cert so that my users don’t get a warning about our internally signed certificate?

From reading elsewhere here (search CA, https, self signed etc) I think the answer is to disable all https in Rocket and use nginx/apache on the same machine to handle it with a reverse proxy to localhost:3000 on Rocket.

Eg

Or

Yeah… I’m not talking about the rocketchat-server … I’m talking about the rocketchat-desktop snap… since we’re using an internal CA … and even though we have the cert chain for everything added to the system cert store /etc/ssl/certs/ca-certificates.crt … the desktop snap still says it can’t validate the cert from our rocketchat-server …

Ah ok.

I need to check.

Leave it with.

Ok, so this starts the hunt. This is more a snaps issue than a Rocket issue, but there is one potential issue I can foresee.

Snaps are extremely restrictive on permissions. They are not like a normal app/package.

So it can only see files in a very narrow area, and that will not include /etc.

So the certs probably need to be somewhere in /var/snap/something to have a chance of being read.

We can see some generic snap questions on Rocket.Chat server here:

https://docs.rocket.chat/docs/snaps-faq

I’m not sure what variables can be set directly in the snap. You can find them with something like:

snap get rocketchat-electron

There are also environment variables too.

I have asked if anyone internally can answer this - I’ll get back when I hear.