using a proxy to discover certificates

Detlef Biederma
Tera Expert

Hello,

I'm in a transition project to implement "Certificate Inventory and Management" (discover certificates).

We have a huge URL list to discover (consisting of internal and external webservers).

(external webserver = webserver located outside of our LAN)

The external webservers can be reached from inside only by using a proxy.

My knowledge: a MID server using a proxy will only use it to communicate with ServiceNow (it will not be used to discover external certificates).

My assumption for resolution:

a) open the firewall so that the MID server can reach the external webservers

b) install a MID server that is also located externally (can reach the webservers directly)

Sincerely, Detlef Biedermann

RK2
Tera Expert

Hi @Detlef Biederma,

You can configure a proxy in the MID server properties, which will be used for discovery purposes. Please refer to the ServiceNow KB "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0744474" about the same. Also, please note that once the proxy is configured, all communications of that MID server will go through that proxy only. So it might cause some performance issues, depending on the proxy configuration.

RK2_0-1684329835039.png

 

Hello, and thanks for the feedback.

I tried to use this parameter.

At the moment the proxy server squid is not configured to use username/password.

DetlefBiederma_4-1684332513718.png

But squid shows me only traffic to my SN PDI.

DetlefBiederma_5-1684332513617.png

My certificate discovery job (destination is an Amazon Linux server):

DetlefBiederma_6-1684332513709.png

My environment:

DetlefBiederma_7-1684332513649.png

The last thing I can imagine: is the proxy only used when the target cannot be reached without the proxy?

Many thanks.

Sincerely, Detlef Biedermann

 

Detlef Biederma
Tera Expert

  

mendyonofex
Giga Contributor

To tackle this issue, you have a couple of assumptions to consider. One option is to open up the firewall so that the MID server can reach the external webservers. Another option is to set up a separate MID server externally, which can directly access the webservers. Changing the proxy may also work out. Let us know what worked for you.
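
The check described earlier in the thread (looking at squid to see whether the discovery traffic actually passes through it) can be scripted. This is an added example, not part of any post in this thread; it assumes squid's default native access.log format, and the log lines, host names and IP addresses are constructed.

```python
"""Report which certificate-discovery targets a MID server requested via squid."""

# Constructed sample in squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1684332500.101    230 10.0.0.5 TCP_TUNNEL/200 4312 CONNECT dev00000.service-now.com:443 - HIER_DIRECT/192.0.2.10 -
1684332513.617    180 10.0.0.5 TCP_TUNNEL/200 3977 CONNECT dev00000.service-now.com:443 - HIER_DIRECT/192.0.2.10 -
1684332520.004     95 10.0.0.9 TCP_TUNNEL/200 5120 CONNECT www.example.org:443 - HIER_DIRECT/198.51.100.7 -
1684332530.250      0 10.0.0.5 TCP_DENIED/403 3850 CONNECT blocked.example.net:8443 - HIER_NONE/- text/html
"""


def proxied_hosts(log_text, client_ip):
    """Return {host: set of HTTP status codes} for CONNECTs sent by client_ip."""
    seen = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[2] != client_ip or fields[5] != "CONNECT":
            continue
        status = fields[3].partition("/")[2]          # "TCP_TUNNEL/200" -> "200"
        host, sep, _port = fields[6].rpartition(":")  # "host:443" -> "host"
        if not sep:                                   # no port in the URL field
            host = fields[6]
        seen.setdefault(host.lower(), set()).add(status)
    return seen


def coverage(targets, log_text, client_ip):
    """Classify each discovery target by what the proxy log says about it."""
    seen = proxied_hosts(log_text, client_ip)
    report = {}
    for target in targets:
        codes = seen.get(target.lower())
        if codes is None:
            report[target] = "not seen"    # request never reached this proxy
        elif "200" in codes:
            report[target] = "tunnelled"   # proxy opened a TLS tunnel
        else:
            report[target] = "refused"     # proxy saw it but did not allow it
    return report


if __name__ == "__main__":
    mid_server_ip = "10.0.0.5"  # assumed address of the MID server
    urls = ["dev00000.service-now.com", "www.example.org", "blocked.example.net"]
    for host, state in coverage(urls, SAMPLE_LOG, mid_server_ip).items():
        print(f"{host:30} {state}")
```

A target reported as "not seen" means the discovery probe for it did not go through the proxy at all, which matches the situation where squid shows only the traffic to the instance.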