Description
Reissue #12582 with new template.
Do you see an area that can be clarified or expanded, a technical inaccuracy, or a broken link? Please describe.
Enhance the Apache Guacamole integration with information on how to successfully log in with a self-signed CA.
Provide the URL or link to the exact page in the documentation to which you are referring.
https://docs.goauthentik.io/integrations/services/apache-guacamole/
Describe the solution you'd like
If using a self-signed certificate with a self-signed CA, then login with OpenID fails because the JWT validation of the authentik token fails and the token is rejected in consequence.
The solution is to add your CA to both /etc/ssl/certs/ca-certificates.crt and to /opt/java/openjdk/jre/lib/security/cacerts.
Here is how to do the latter part:
openssl pkcs12 -export -in yourCA.crt -inkey yourCA.key -out yourCA.p12 -passout pass:something
keytool -importkeystore -srckeystore yourCA.p12 -srcstoretype PKCS12 -keystore /opt/java/openjdk/jre/lib/security/cacerts -deststorepass changeit -noprompt -srcstorepass something
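
Another way to populate the two trust stores named above, as an added example that is not part of the original issue or of authentik's documentation: it imports only the CA certificate, because a trust store needs the certificate and not the CA private key, and it refuses any PEM file that contains key material. The alias `my-internal-ca` and the function names are assumptions; the paths and the `changeit` store password are the ones from the post.

```shell
#!/bin/sh
# Added example: trust a private CA for Guacamole's OpenID login by importing
# only the CA certificate into the two stores named in the issue.
# CA_ALIAS is an assumed name; paths and store password are taken from the post.
CA_ALIAS="${CA_ALIAS:-my-internal-ca}"
JAVA_CACERTS="${JAVA_CACERTS:-/opt/java/openjdk/jre/lib/security/cacerts}"
SYSTEM_BUNDLE="${SYSTEM_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}"
STOREPASS="${STOREPASS:-changeit}"

# Succeeds only if the PEM file holds a certificate and no private key.
is_cert_only() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
  ! grep -q -- 'PRIVATE KEY-----' "$1"
}

# Appends the certificate ($1) to the PEM bundle ($2) unless its base64 body
# is already there, so repeated runs (e.g. a container entrypoint) are safe.
add_to_system_bundle() {
  ca_body="$(grep -v -- '^-----' "$1" | tr -d '\r\n')"
  if grep -v -- '^-----' "$2" 2>/dev/null | tr -d '\r\n' | grep -qF -- "$ca_body"; then
    return 0
  fi
  { echo; cat "$1"; } >> "$2"
}

# Adds the CA certificate ($1) to the system bundle and the Java trust store.
import_ca() {
  if ! is_cert_only "$1"; then
    echo "refusing: $1 is not a bare certificate (private key present?)" >&2
    return 1
  fi
  add_to_system_bundle "$1" "$SYSTEM_BUNDLE" || return 1
  # Skip the import if the alias is already in the Java trust store.
  if keytool -list -alias "$CA_ALIAS" -keystore "$JAVA_CACERTS" \
       -storepass "$STOREPASS" >/dev/null 2>&1; then
    return 0
  fi
  keytool -importcert -trustcacerts -noprompt -alias "$CA_ALIAS" \
    -file "$1" -keystore "$JAVA_CACERTS" -storepass "$STOREPASS"
}

# Usage: sh trust-ca.sh yourCA.crt   (run inside the Guacamole container)
if [ $# -gt 0 ]; then
  import_ca "$1"
fi
```
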