using a proxy to discover certificates
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2023 01:16 AM
Hello
I'm in a transition project to implement "Certificate Inventory and Management" (discover certificates).
We have a huge URL list to discover (consist of internal and external webservers)
( external webserver = webserver located outside of our LAN)
The external webserver can be reached from internally only by using a proxy.
My knowledge: mid server - using a proxy - will only be used to communicate with Servicenow
(will not be used to discover external certificates).
My assumption for resolution:
a) open firewall - that the mid server can reach the external webservers
b) install a mid server which is located also external (can reach the webservers directly)
Sincerely Detlef Biedermann
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2023 06:22 AM - edited 05-17-2023 06:24 AM
Hi @Detlef Biederma ,
You can configure proxy in MID server properties which will be used for discovery purpose. Please refer ServiceNow KB "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0744474" about the same. Also please note that once proxy is configured then all the communications of that MID server will go through that proxy only. So it might cause some performance issues depends on the proxy configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2023 07:08 AM
Hello and thanks for the feedback.
I tried to use this parameter.
The the moment the proxy server squid is not configured to use username/password
But squid - shows me only traffic to my SN PDI
my certification discover job - (destination is an amazon linux server)
my environment
Last I can imagen - is the proxy only used when not reached without proxy ?
Many thanks.
Sincerely Detlef Biedermann
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2023 07:08 AM - edited 05-18-2023 11:49 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-29-2023 03:12 AM - edited 10-02-2023 04:29 AM
To tackle this issue, you have a couple of assumptions to consider. One option is to open up the firewall so that the mid server can reach the external webservers. Another option is to set up a separate mid server externally, which can directly access the webservers. Changing proxy may also work out. Let us know what worked for you.