設定感應器以使用 Proxy 伺服器進行通訊
成功的掃描需要可以和 CertCentral 雲端服務通訊的感應器。這允許其接收與憑證探索關聯的指示和報告憑證庫存更新。
問題
您將 DigiCert 感應器安裝在需要 Proxy 伺服器和您的網路外部通訊的電腦上。現在,感應器無法將發現的內容傳回您的 CertCentral 帳戶中的「探索」,並防止您看到掃描的結果。
解決方案
設定 DigiCert 感應器以使用 Proxy 伺服器,這樣可以和您 CertCentral 帳戶中的「探索」通訊,允許您看到掃描的結果。
在您開始前
您必須有使用 Proxy 伺服器的作業系統工作的經驗。
您必須有系統管理權限。
Note
您的系統必須已安裝感應器 3.8.26 版或更新版本。
Configure proxy settings
From the sensor installation directory, access the config subdirectory.
Locate the file called proxy.properties. If it does not already exist, create it here. An example of this file is provided below.
Open the proxy.properties file in a text editor and configure the following parameters for proxy access:
enableProxy:
trueenables proxy access andfalsedisables it.httpsHost: IP address of the proxy server to use.
httpsHostPort: Port number for the proxy server.
httpsAuthUser: Username for authentication on the proxy server (basic authentication only), if required.
httpsAuthPassword: Password for authentication on the proxy server (basic authentication only), if required.
Restart the sensor service to encrypt the proxy passwords and upload the proxy information.
Alternatively, use the sensor
applyproxysettingscommand to apply the proxy settings without restarting the sensor:Windows: change into the sensor cli subdirectory and run
applyproxysettings.bat -file ..\config\proxy.propertiesLinux: change into the sensor cli subdirectory and run
./applyproxysettings.sh -file ../config/proxy.propertiesDocker: use the above Linux command if running from an interactive shell, or else run
docker exec -it <container-id/name> <sensor-install-path>/cli/applyproxysettings.sh -file <sensor-install-path>/config/proxy.properties
The following is an example of the config/proxy.properties file:
enableProxy=true httpsHost=10.125.125.125 httpsHostPort=443 httpsAuthUser=system01@Admin httpsAuthPassword=mypassword
下一步是什麼
感應器現在可以使用 Proxy 伺服器將其發現傳回您的 CertCentral 帳戶中的「探索」,這樣您就可以看到掃描結果。