using a proxy to discover certificates

Detlef Biederma
Tera Expert

Hello,

I'm in a transition project to implement "Certificate Inventory and Management" (discover certificates).

We have a huge URL list to discover (consisting of internal and external webservers)
(external webserver = webserver located outside of our LAN).

The external webservers can be reached from inside only by using a proxy.

My knowledge: mid server - using a proxy - will only be used to communicate with ServiceNow
(will not be used to discover external certificates).

My assumption for resolution:

a) open the firewall so that the mid server can reach the external webservers

b) install a mid server which is also located externally (can reach the webservers directly)

Sincerely, Detlef Biedermann

 

8 REPLIES

korensdervs
Tera Contributor

If your mid server, located internally, needs to communicate with external web servers through a proxy, you'll need to ensure that the firewall allows the necessary traffic. If there have been changes to iDrive or rclone since you buy proxies, it is recommended that you check the relevant websites or communities for the most accurate information. This includes outbound connections from the mid server to the external web servers via the proxy. Another approach is to install a mid server on a machine located externally. This way, the mid server can directly reach the external web servers without going through a proxy. This might simplify the network configuration and potentially improve performance, as there's no need for an additional hop through a proxy.

doug_schulze
ServiceNow Employee

Your knowledge and assumptions are correct; the proxy is just for communication out to your ServiceNow instance.

If you are dealing with a network proxy/firewall, you would just want to be sure that the outbound connections to those websites are available to the mid server and its IP, including possibly the other TLS ports as defined on the port probe. The latter I don't think you will need to deal with, as making a web connection to a public URL, gotta assume you just need 443 open out unless you have a specific port called out in your URL. Should be easy to do with little configuration, as long as your network team works with you.
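Added example, not part of the thread and not ServiceNow code: one way to turn the URL list into the outbound firewall request described in the reply above, with 443 as the default and the URL's own port where it names one. The hostnames, the `.corp.example` suffix and the rule that "internal" means a private IP or that suffix are assumptions; the sample list is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample list; every hostname and suffix here is a placeholder.
SAMPLE_URLS = [
    "https://intranet.corp.example/login",
    "https://www.example.org/",
    "https://www.example.org/shop",            # duplicate destination
    "https://api.example.net:8443/v1/health",  # explicit non-default port
    "shop.example.com",                        # no scheme: treated as https
    "https://10.20.30.40/admin",               # private address, internal
    "ldaps://dir.example.net",                 # not https: reported, not guessed
    "https://bad.example.com:notaport/",       # malformed port
]

def is_internal(host, internal_suffixes):
    """Assumption: internal means a private/loopback IP or an internal DNS suffix."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return host.endswith(tuple(internal_suffixes))

def egress_rules(urls, internal_suffixes=(".corp.example",)):
    """Return (rules, skipped): unique external (host, port) pairs and unusable entries."""
    rules, skipped = set(), []
    for raw in urls:
        text = raw.strip()
        if not text:
            continue
        if "://" not in text:
            text = "https://" + text
        try:
            parts = urlsplit(text)
            port = parts.port or 443  # 443 unless the URL names a port
        except ValueError:
            skipped.append(raw)
            continue
        host = (parts.hostname or "").lower().rstrip(".")
        if parts.scheme != "https" or not host:
            skipped.append(raw)
            continue
        if not is_internal(host, internal_suffixes):
            rules.add((host, port))
    return sorted(rules), skipped

if __name__ == "__main__":
    rules, skipped = egress_rules(SAMPLE_URLS)
    for host, port in rules:
        print(f"allow MID server -> {host}:{port}/tcp")
    for entry in skipped:
        print(f"review manually: {entry}")
```

The deduplicated `(host, port)` list is what goes to the network team; entries in `skipped` need a person to decide the port rather than a default.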

EvanStein
Tera Contributor

Hey! Your project sounds intriguing. Opening the firewall for the mid server could be a solid step, ensuring it can reach external webservers directly. Another option, installing an external mid server, seems plausible too. On a different note, have you considered proxies for Instagram? They're not just for privacy; they can be handy in various projects. A reliable proxy can add an extra layer of security, especially when dealing with external servers.

Razzumash
Tera Contributor

For me, it sounds like you're knee-deep in a tricky project! Dealing with certificates and web servers can be a real headache sometimes.
Your assumptions for resolution seem solid. Opening up the firewall or installing a mid server externally both sound like viable options to ensure you can reach those external web servers.
If you're looking for more info on proxies, you should check out Types of proxies. It might give you some additional insights into navigating through this transition project. Anyway, I wish you good luck with everything!