Hi,
We are currently trying to pair the Virtual Appliance (VA) to the Identity Service Connector (ISC) with proxy settings. While we were able to pair the VA on ISC, it is not showing a healthy status.
We are experiencing SSL certificate verification failures in our ISC VA, which we suspect is caused by the proxy’s certificate missing from the VA server. The VA operates behind a corporate proxy infrastructure, and we require guidance on properly configuring certificate trust for the VA agent.
We see the following error in the va_agent logs:
{"@timestamp":"2025-07-09T03:14:48.756","level":"ERROR","type":"agent","message":"Poll error: RestClient::SSLCertificateNotVerified: SSL_connect returned=1 errno=0 peeraddr=<proxy ip>:<port> state=error: certificate verify failed (unable to get local issuer certificate): [\"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:776:in 'RestClient::Request#transmit'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:163:in 'RestClient::Request#execute'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:63:in 'RestClient::Request.execute'\", \"/opt/sailpoint/lib/v2/api.rb:145:in 'ApiServiceV2#execute_request'\", \"/opt/sailpoint/lib/v2/api.rb:41:in 'ApiServiceV2#cc_call'\", \"/opt/sailpoint/lib/api.rb:111:in 'SailPoint::API#poll'\", \"/opt/sailpoint/bin/va_agent.rb:138:in 'Object#poll_server'\", \"/opt/sailpoint/bin/va_agent.rb:280:in 'Object#are_credentials_valid?'\", \"/opt/sailpoint/bin/va_agent.rb:319:in 'Object#wait_for_valid_credentials'\", \"/opt/sailpoint/bin/va_agent.rb:599:in 'block in <main>'\", \"<internal:kernel>:168:in 'Kernel#loop'\", \"/opt/sailpoint/bin/va_agent.rb:594:in '<main>'\"]"}
{"@timestamp":"2025-07-09T03:14:48.756","level":"ERROR","type":"agent","message":"Unable to authenticate with SailPoint."}
Do we need to insert the proxy’s certification on VA?
If so, may I know how?
Many thanks.
Longinus Chan