Skip to main content

Configure a sensor to use a proxy server for communications

A successful scan requires a sensor that can communicate with the CertCentral cloud service. This allows it to receive instructions associated with certificate discovery and to report on certificate inventory updates.

Problem

You installed the DigiCert Sensor on a computer that requires a proxy server to communicate outside your network. Now the sensor cannot relay its findings back to Discovery in your CertCentral account, and it's preventing you from seeing the results of the scan.

Solution

Configure the DigiCert Sensor to use a proxy server so it can communicate with Discovery in your CertCentral account, allowing you to see the results of the scan.

Before you begin

  • You must have experience working with the proxy server's operating system.

  • You must have administrative permissions.

Note

You must have sensor version 3.8.26, or higher, installed on your system.

Configure proxy settings

  1. From the sensor installation directory, access the config subdirectory.

  2. Locate the file called proxy.properties. If it does not already exist, create it here. An example of this file is provided below.

  3. Open the proxy.properties file in a text editor and configure the following parameters for proxy access:

    • enableProxy: true enables proxy access and false disables it.

    • httpsHost: IP address of the proxy server to use.

    • httpsHostPort: Port number for the proxy server.

    • httpsAuthUser: Username for authentication on the proxy server (basic authentication only), if required.

    • httpsAuthPassword: Password for authentication on the proxy server (basic authentication only), if required.

  4. Restart the sensor service to encrypt the proxy passwords and upload the proxy information.

    Alternatively, use the sensor applyproxysettings command to apply the proxy settings without restarting the sensor:

    • Windows: change into the sensor cli subdirectory and run applyproxysettings.bat -file ..\config\proxy.properties

    • Linux: change into the sensor cli subdirectory and run ./applyproxysettings.sh -file ../config/proxy.properties

    • Docker: use the above Linux command if running from an interactive shell, or else run docker exec -it <container-id/name> <sensor-install-path>/cli/applyproxysettings.sh -file <sensor-install-path>/config/proxy.properties

The following is an example of the config/proxy.properties file:

enableProxy=true
httpsHost=10.125.125.125
httpsHostPort=443
httpsAuthUser=system01@Admin
httpsAuthPassword=mypassword

What's next

The sensor can now use the proxy server to relay its findings back to Discovery in your CertCentral account, so you can see the results of the scan.