Introduction
By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. This certificate is signed by our root certificate Quick Web Proxy, which acts as the Certificate Authority (CA) for the domain’s certificate. The root Quick Web Proxy certificate as well as domain certificates are generated only once (they are generated on the first successful connection to a domain):
From Windows Agent 15.0, it's possible to use your own root CA certificate instead of Teramind's default Quick Web Proxy certificate.
Follow the instructions below to configure your own certificate and private key.
Step 1: Make Changes to the Database Table
On your database admin tool (e.g., pgAdmin), open the kv_store table located inside tm_onsite > public. Add/insert the following keys and values into the key_store table:
Key | Description | Example Value |
ca_root.pkey_pass | Private key passphrase |
|
Option 1*
ca_root.cert_data | Certificate data |
|
ca_root.pkey_data | Private key data |
|
Option 2*
ca_root.cert_data | Certificate data |
|
ca_root.pkey_data | Private key data |
|
*If you use Option 1 then you don't need to use Option 2 or vice versa.
The Server cannot validate these values. It's up to you to ensure the values you enter are correct and the corresponding path/files are present. In case the Agent receives empty or invalid certificate data from the server, it will use the default Quick Web Proxy certificate.
Step 2: Copy the Necessary Files (optional)
If you used Option 2 from the table in Step 1, then you don't have to follow this step.
If you used Option 1 from the table above, you will need to first create a folder somewhere at the target computer/endpoint. For example, C:\certs
. You will then have to copy the corresponding certificate and private key (.pem files) into the folder.
Step 3: Restart the Server
Restart the server using the following command:
sudo systemctl restart Teramind