Adding Application proxy address to avoid connection issue

Hi @Divya_Kusumula03

I believe you are trying to add webproxy.abc.xyx.services to the no_proxy parameter so that calls to webproxy.abc.xyx.services do not get routed via your existing proxies. You should not touch the existing https_proxy and http_proxy parameters or add new ones.

You have to add the no_proxy parameter so that the proxy.yaml file looks like this:

https_proxy: http://11.44.112.0:80/
http_proxy: http://11.44.112.0:80/
no_proxy: webproxy.abc.xyx.services

I have had the same problem as indicated in the thread, and I have realized two things. The first is that it only works when I separate the hosts by commas; if I include PIPE it only takes the first host and the rest does not apply. The second is that if you make this change and perform a curl -kv you should see whether it goes out via the proxy or not. In my case it works correctly and distinguishes between internal and external, that is, “no_proxy: yourdomain.int,yordomain2.int”
The problem I find with this is that curl works for all traffic and channels the routes well, but the web service connector does not apply this change correctly. Except for this connector, everything is correct.

Hi @shaileeM /@MeKhalbi /@suraj_gorle /@sivakrishna_1993 /@sgtorrecilla /@Manish4031

Thank you for providing your inputs on this issue.
This error was resolved by whitelisting the proxy on the application side.
But we are now getting the error below during test connection, although we have placed the certificate in the home/sailpoint/certificates folder.
The certificate extension is .pfx.

Exception occurred in Test Connection.Url: https://host.dev.com/rest/v1/userconfig/user, Message: 0 : javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, HTTP Error Code: 0

Note: This is a web service connector.
I would appreciate your input on how to resolve this issue.

Thanks,
Divya

Hi

Have you added the hosts.yaml file in the VA? If not, please add the host name and IP.

Refer to the link below:

https://developer.sailpoint.com/discuss/t/hosts-yaml-file-example/55814

Thanks,
Siva.K

Did you restart ccg or reboot the VA after adding the certificate?

Yes, we did a ccg restart.
Is the .pfx extension a valid extension for VA certificates, or do we need to change it to .crt or any other extension?

I would change it to .crt. I have a web service connector configured, and I imported the .crt certificate and it worked well.

You can either use .crt or .cer. Also, please ensure that the full cert chain is included in your certificate.

Hi @Divya_Kusumula03
Good day!

Kindly use the .cer format and ensure that the same certificate is placed in the Trusted Root Certification Authorities folder in the target system. If not, please ask the team to install it and then try the test connection.

Thank you!

Hi
We have used .pem and .crt; both worked fine. The issue is resolved now.
Thanks,
Divya
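
As an added example (not part of any post in this thread and not SailPoint code): the replies turn on whether the file is a .pfx or a .crt/.pem/.cer and whether the full chain is included, so this Python check classifies a certificate file by its content rather than its extension and counts the certificates in a PEM bundle. The function name and the sample byte strings are constructed for illustration.

```python
import re

PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def classify_cert_file(data: bytes):
    """Return (format, certificate_count, has_private_key) judged from content.

    Values are None where they cannot be read without decrypting the
    container (PKCS#12) or where the content is not recognised.
    """
    labels = [m.decode() for m in PEM_BEGIN.findall(data)]
    if labels:
        certs = labels.count("CERTIFICATE")
        has_key = any(label.endswith("PRIVATE KEY") for label in labels)
        return ("PEM", certs, has_key)
    # Binary: both DER X.509 and PKCS#12 start with an ASN.1 SEQUENCE (0x30).
    if len(data) < 2 or data[0] != 0x30:
        return ("unknown", None, None)
    # Skip the length field: short form is 1 byte, long form is 1 + n bytes
    # (0x80, indefinite length, appears in some BER-encoded .pfx exports).
    n = data[1] & 0x7F if data[1] & 0x80 else 0
    body = data[2 + n:]
    if body[:3] == b"\x02\x01\x03":      # INTEGER 3 = PFX version field
        return ("PKCS#12", None, None)
    if body[:1] == b"\x30":              # nested SEQUENCE = tbsCertificate
        return ("DER certificate", 1, False)
    return ("unknown", None, None)

# Constructed samples: only the PEM markers and the leading ASN.1 bytes are
# meaningful; these are not real certificates.
PEM_CHAIN = (b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
             b"-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n")
PFX_HEAD = bytes.fromhex("3082 0a00 020103 3082")
DER_HEAD = bytes.fromhex("3082 0300 3082 02e8")

if __name__ == "__main__":
    for name, blob in [("chain.pem", PEM_CHAIN), ("client.pfx", PFX_HEAD),
                       ("server.cer", DER_HEAD)]:
        print(name, classify_cert_file(blob))
```

A PEM result with a count of 1 is the cue to revisit the "full cert chain" advice given above.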