IMPORTANT: we have implemented this functionality for simple monitors (e.g. https) and webdriver only. Fullpage and jmeter use the java certificate store which is more complex to sync with the system repos and will be implemented in the future, for an update contact Broadcom Support

 

To use this feature use the below additional setting on top of all the command line options suggested by the install steps in the ASM UI:

 

where the /usr/local/share/ca-certificates is the directory where you place the custom certificates (crt files). The directory will be mounted in the containers and all certificates signed by these authorities will be trusted. As you can see, the directory name in this example is the default location for debian systems but it can be a custom value.

 

NOTE: 

In order to avoid any known vulnerabilities we upgraded all the used libraries for this new installer and the side effect is that the installer requires (because of the third party libraries) a relatively new version of docker on the OPMS. On debian, the versions which works are

ii  docker-ce                       5:27.5.1-1~debian.12~bookworm  amd64        Docker: the open-source application container engine
ii  docker-ce-cli                   5:27.5.1-1~debian.12~bookworm  amd64        Docker CLI: the open-source application container engine
ii  docker-ce-rootless-extras       5:27.5.1-1~debian.12~bookworm  amd64        Rootless support for Docker.
ii  docker-compose-plugin           2.32.3-1~debian.12~bookworm    amd64        Docker Compose (V2) plugin for the Docker CLI.