First time ISC engineer here. I have created a Personal Access Token in my sandbox environment with sp:scopes:all. I have installed the SailPoint Identity Security Cloud vscode extension and created a connection to my sandbox environment, providing client ID and secret. I am able to expand the tenant and can see folders underneath (Sources/Transforms/…/Campaigns at bottom). When I attempt to expand any of the folders I am getting “Error: unable to get local issuer certificate”. I have confirmed my company certificate is available in current user Trusted Root Certification Authorities. I have no issues browsing to my sandbox environment via Chrome or Edge. I can connect via api call through powershell authenticating with PAT without issue.
I attempted each of these to no avail. Exporting the certificate from my Trusted Root Certification Authorities (verified it is the same certificate used for web browsing) and creating NODE_EXTRA_CA_CERTS system variable and pointing it at the .crt (PEM format) file location. Also tried proxyStrictSSL false to no avail. I am using the latest extension (just installed it last Friday).
I will contact my company’s network team for assistance tomorrow. Assuming that all necessary certificates are correctly installed and there are no VS Code options I can explore that do not violate my company’s security policy is there any alternative for this extension?
Wanted to give an update on this. After multiple hours with my company’s proxy network security team we have been unable to move the needle on this issue in any way. We have configured our proxy to simply pass the traffic on through to our edge firewall, we have checked, unchecked, and configured each and every proxy setting within VS Code. I have no issues contacting the VS Code marketplace, no issues keeping the extension up to date, no issues reaching our sandbox tenant via any web browser. We have tried placing plaintext proxy authentication within VS Code. It appears that the simple act of inspecting the traffic, even if to simply pass it on to the next hop in the network breaks the extension.
2 Likes
In VSCODE security tab you have enable the trust option.
If it not working then re-add your tendent to vscode.
Thanks,
Siva.K
We ultimately had to include *.identitynow.com in our proxy bypass logic. None of the options with VS Code regarding proxy had any affect we tested on multiple VS Code installs on my team.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.