How to use your own proxy certificate (On-Premise)
Written by Arick Disilva
Updated over a week ago

Introduction

By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. This certificate is signed by our root certificate, Quick Web Proxy, which acts as the Certificate Authority (CA) for the domain’s certificate. The root Quick Web Proxy certificate and the domain certificates are generated only once (they are generated on the first successful connection to a domain).

From Windows Agent 15.0, it's possible to use your own root CA certificate instead of Teramind's default Quick Web Proxy certificate.

Follow the instructions below to configure your own certificate and private key.

Step 1: Make Changes to the Database Table

On your database admin tool (e.g., pgAdmin), open the kv_store table located inside tm_onsite > public. Add/insert the following keys and values into the key_store table:

Key: ca_root.pkey_pass
Description: Private key passphrase
Example value: 123456

Option 1*

Key: ca_root.cert_data
Description: Certificate data
Example value:
-----BEGIN CERTIFICATE-----
MIIfDCCA2SgAwIBAgIJAOW/.........
-----END CERTIFICATE-----

Key: ca_root.pkey_data
Description: Private key data
Example value:
-----BEGIN CERTIFICATE-----
MIIfDCCA2SgAwIBAgIJAOW/.........
-----END CERTIFICATE-----

Option 2*

Key: ca_root.cert_data
Description: Certificate data
Example value:
-----BEGIN CERTIFICATE-----
MIIfDCCA2SgAwIBAgIJAOW/.........
-----END CERTIFICATE-----

Key: ca_root.pkey_data
Description: Private key data
Example value:
-----BEGIN CERTIFICATE-----
MIIfDCCA2SgAwIBAgIJAOW/.........
-----END CERTIFICATE-----

*If you use Option 1 then you don't need to use Option 2 or vice versa.

The Server cannot validate these values. It's up to you to ensure the values you enter are correct and the corresponding path/files are present. In case the Agent receives empty or invalid certificate data from the server, it will use the default Quick Web Proxy certificate.
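Because the server does not validate these values, a pre-flight check on the PEM files is worth running before their contents go into ca_root.cert_data, ca_root.pkey_data and ca_root.pkey_pass. The script below is an added example, not Teramind's own tooling; the function names and file names are assumptions, and it requires the openssl command-line tool.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check of a custom root CA pair before its contents
# go into the ca_root.* keys. Function and file names are assumptions, and the
# openssl CLI must be installed where the check runs.

check_ca_pair() {   # usage: check_ca_pair <cert.pem> <key.pem> <passphrase>
    cert="$1"; key="$2"
    # 1. The certificate must parse as PEM X.509.
    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "FAIL: certificate is not PEM X.509"; return 1; }
    # 2. The key must parse and the passphrase (ca_root.pkey_pass) must decrypt it.
    key_pub=$(KPASS="$3" openssl pkey -in "$key" -passin env:KPASS -pubout 2>/dev/null) ||
        { echo "FAIL: key unreadable or wrong passphrase"; return 2; }
    # 3. Key and certificate must carry the same public key.
    [ "$key_pub" = "$(openssl x509 -in "$cert" -noout -pubkey)" ] ||
        { echo "FAIL: key does not match certificate"; return 3; }
    # 4. A root that signs per-domain certificates must be marked CA:TRUE.
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "FAIL: basicConstraints is not CA:TRUE"; return 4; }
    # 5. The certificate must not be expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 5; }
    echo "OK: usable CA certificate and key"
}

# Constructed sample input: a throwaway CA (or, with FALSE, a non-CA cert).
make_sample() {     # usage: make_sample <dir> <TRUE|FALSE> <passphrase>
    mkdir -p "$1"
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' 'prompt=no' \
        '[dn]' 'CN=Constructed Sample Root' '[ext]' "basicConstraints=critical,CA:$2" \
        > "$1/req.cnf"
    openssl req -x509 -newkey rsa:2048 -config "$1/req.cnf" -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" -passout "pass:$3" 2>/dev/null
}
```

Source the file, then run check_ca_pair against your own certificate and key; a non-zero return code identifies which of the five checks failed.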

Step 2: Copy the Necessary Files (optional)

If you used Option 2 from the table in Step 1, then you don't have to follow this step.

If you used Option 1 from the table above, you will first need to create a folder on the target computer/endpoint, for example C:\certs. You will then have to copy the corresponding certificate and private key (.pem files) into that folder.

Step 3: Restart the Server

Restart the server using the following command:

sudo systemctl restart Teramind