Configuring an HTTP proxy
At the root of the Platforms tree, you can configure a single proxy to be used by all Trust Protection Platform engines and HTTP-based services. If your organization has multiple proxies, we recommend that you set the most used proxy address at the top of the Platforms tree and then override that setting with a different address on individual Trust Protection Platform engines.
A proxy can be configured on an individual Trust Protection Platform engine if the proxy setting at the root of the Platforms tree has not been locked. Setting a proxy configuration on an individual Trust Protection Platform engine overrides the value set at the root of the Platforms tree.
JWT Mappings operate in tandem with the central proxy configurations set at the root of the Platforms tree. See About JWT Mappings.
Venafi Platform and the Amazon AWS SDK use the System.Net.HttpWebRequest
class, which uses the Microsoft Crypto API to perform revocation checking as part of the SSL/TLS handshake. The MS Crypto API must be configured to use the proxy during revocation checking so that these requests will be performed through the proxy as well.
You may see this issue with any Venafi Platform driver, or in some other areas of Venafi Platform. For more information see the following Microsoft documentation:
-
From the Platform menu bar, click Policy Tree.
- Select the Platforms tree from the Tree drop-down menu.
- Select the root of the Platforms tree.
- Select the Platforms tab, and then click Proxy.
-
Configure the proxy settings.
TIP To prevent a proxy from being set on an individual Trust Protection Platform engine, lock the proxy settings at the root of the Platforms tree.
-
From the Platform menu bar, click Policy Tree.
- Select the Platforms tree from the Tree drop-down menu.
- Select theTrust Protection Platform engine that will hold the settings.
- Select the Venafi Trust Protection Platform tab, and then click Proxy.
-
Configure the proxy settings.