For the Virtru Private Keystore (for Google Workspace CSE) application to use your internal certificates and environment-specific proxy settings, a few changes are needed. To add your internal certificate authority and any relevant proxy configuration for your environment, follow these steps:
1. Log into your CSE host and navigate to the CSE working directory
2. Place your internal CA certificate in the CSE working directory alongside the existing CSE server.cert and server.key
3. Map the internal certificate authority cert into the container via the run.sh script. The line to add in the run.sh script is the following:
-v /path/to/your/YourCert.crt:/etc/ssl/certs/YourCert.crt \
Example run.sh script after implementing the cert mapping to the container:
docker run --detach \
--env-file ./cse.env \
-p 443:9000 \
-v /var/virtru/cse/server.cert:/run/secrets/server.cert \
-v /var/virtru/cse/server.key:/run/secrets/server.key \
-v /var/virtru/cse/YourCert.crt:/etc/ssl/certs/YourCert.crt \
--restart unless-stopped \
--name cse-5.2.0 \
virtru/cse:v5.2.0
4. Add a line with the variable for the additional CA certificates to your cse.env file:
NODE_EXTRA_CA_CERTS=/etc/ssl/certs/YourCert.crt
5. Add two additional lines with the proxy variables in the cse.env file:
HTTPS_PROXY=proxyhostname:port
HTTP_PROXY=proxyhostname:port
6. Stop and remove the CSE container, start it again with run.sh, and check the logs for any errors:
docker stop <containerID>
docker rm <containerID>
sh /yourworkingdirectory/run.sh
docker logs <containerID> -f
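A preflight check that can be run before step 6, as an added example that is not part of the original article or of Virtru's tooling. It confirms that the path in NODE_EXTRA_CA_CERTS is the container side of a -v mapping in run.sh, that no option line in run.sh is missing its trailing backslash, and that both proxy variables are present. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: preflight for the run.sh and cse.env edits. Function names are hypothetical.

# Container-side path that cse.env assigns to NODE_EXTRA_CA_CERTS.
extra_ca_path() { sed -n 's/^NODE_EXTRA_CA_CERTS=//p' "$1" | tail -n 1; }

# Succeed if run.sh has a "-v host:container" line whose container side is $2.
has_mount_for() {
    awk -v want="$2" '$1 == "-v" { split($2, m, ":"); if (m[2] == want) ok = 1 }
                      END { exit !ok }' "$1"
}

# Print numbers of option lines with no trailing "\" that are followed by
# more text: the shell ends the docker command there and drops the rest.
broken_continuations() {
    awk 'bad && NF { print nr }
         { bad = ($1 ~ /^-/ && $0 !~ /\\$/); nr = NR }' "$1"
}

# usage: preflight RUN_SH ENV_FILE ; prints findings, non-zero on any failure
preflight() {
    rc=0
    ca=$(extra_ca_path "$2")
    if [ -z "$ca" ]; then
        echo "FAIL: NODE_EXTRA_CA_CERTS not set in $2"; rc=1
    elif ! has_mount_for "$1" "$ca"; then
        echo "FAIL: no -v mapping in $1 targets $ca"; rc=1
    fi
    bad=$(broken_continuations "$1" | tr '\n' ' ')
    [ -z "$bad" ] || { echo "FAIL: $1 lacks a trailing backslash on line(s) $bad"; rc=1; }
    for v in HTTPS_PROXY HTTP_PROXY; do
        grep -q "^$v=." "$2" || { echo "FAIL: $v not set in $2"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not from a real host): line 3 lacks its "\".
make_samples() {
    printf '%s\n' 'docker run --detach \' '-p 443:9000 \' \
        '-v /var/virtru/cse/YourCert.crt:/etc/ssl/certs/YourCert.crt' \
        '--name cse-5.2.0 \' 'virtru/cse:v5.2.0' > "$1/run.sh"
    printf '%s\n' 'NODE_EXTRA_CA_CERTS=/etc/ssl/certs/YourCert.crt' \
        'HTTPS_PROXY=proxyhostname:port' > "$1/cse.env"
}

demo=$(mktemp -d)
make_samples "$demo"
preflight "$demo/run.sh" "$demo/cse.env" || echo "preflight failed"
rm -rf "$demo"
```

On the constructed samples the check reports the missing backslash on line 3 and the absent HTTP_PROXY entry. Node.js reads the NODE_EXTRA_CA_CERTS file as PEM, so a DER-encoded CA certificate needs converting before it is mounted.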