using a proxy to discover certificates

Detlef Biederma
Tera Expert

‎05-17-2023 01:16 AM

Hello 

 

I'm in a transition project to implement  "Certificate Inventory and Management"     (discover certificates). 

 

We have a huge URL list to discover  (consist of internal and external webservers) 

( external webserver =  webserver located outside of our LAN) 

The external webserver can be reached from internally  only by using a proxy. 

 

My knowledge:    mid server - using a proxy  -  will only be used to communicate with Servicenow   
(will not be used to discover external certificates).  

 

My assumption for resolution: 

a) open firewall - that the mid server can reach the external webservers

b) install a mid server which is located also external  (can reach the webservers directly)

 

Sincerely Detlef Biedermann

 

0 Helpfuls
  • 1,019 Views
8 REPLIES 8

RK2
Tera Expert

‎05-17-2023 06:22 AM - edited ‎05-17-2023 06:24 AM

Hi @Detlef Biederma ,

 

You can configure proxy in MID server properties which will be used for discovery purpose. Please refer ServiceNow KB "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0744474" about the same. Also please note that once proxy is configured then all the communications of that MID server will go through that proxy only. So it might cause some performance issues depends on the proxy configuration.

 

RK2_0-1684329835039.png

 

0 Helpfuls

Detlef Biederma
Tera Expert
In response to RK2

‎05-17-2023 07:08 AM

Hello and thanks for the feedback. 

 

I tried to use this parameter. 

 

The the moment the proxy server squid is not configured to use   username/password

 

DetlefBiederma_4-1684332513718.png

 

 

But squid - shows me only traffic to my SN PDI

 

DetlefBiederma_5-1684332513617.png

 

 

my certification discover job - (destination is an amazon linux server) 

 

DetlefBiederma_6-1684332513709.png

 

 

my environment

DetlefBiederma_7-1684332513649.png

 

 

Last I can imagen - is the proxy only used when not reached without proxy ?

 

Many thanks.

 

Sincerely Detlef Biedermann

 

0 Helpfuls

Detlef Biederma
Tera Expert

‎05-17-2023 07:08 AM - edited ‎05-18-2023 11:49 PM

  

0 Helpfuls

mendyonofex
Giga Contributor

‎09-29-2023 03:12 AM - edited ‎10-02-2023 04:29 AM

To tackle this issue, you have a couple of assumptions to consider. One option is to open up the firewall so that the mid server can reach the external webservers. Another option is to set up a separate mid server externally, which can directly access the webservers. Changing proxy may also work out. Let us know what worked for you.

0 Helpfuls