Introduction
By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. This certificate is signed by our root certificate Quick Web Proxy, which acts as the Certificate Authority (CA) for the domain’s certificate. The root Quick Web Proxy certificate as well as domain certificates are generated only once (they are generated on the first successful connection to a domain):
However, from Windows Agent 15.0, it's possible to use your own root CA certificate instead of Teramind's default Quick Web Proxy certificate.
On-Premise Deployments
Follow the instructions below to configure your own certificate and private key.
Step 1: Make Changes to the Database Table
On your database admin tool (e.g., pgAdmin), open the kv_store table located inside tm_onsite > public. Add/insert the following keys and values into the kv_store table:
Key | Description | Example Value |
ca_root.pkey_pass | Private key passphrase |
|
ca_root.cert_data | Certificate data |
|
ca_root.pkey_data | Private key data |
|
The Server cannot validate these values. It's up to you to ensure the values you enter are correct and the corresponding path/files are present. In case the Agent receives empty or invalid certificate data from the server, it will use the default Quick Web Proxy certificate.
Step 2: Restart the Server
Restart the server using the following command:
sudo systemctl restart teramind
Cloud Deployments
Please contact Teramind Support to help you set up your own, self-signed certificate.