配置传感器使用代理服务器进行通信
要成功扫描,需要有一个可以和 CertCentral 云服务通信的传感器。这使得它可以接收与证书发现相关的说明以及报告证书清单更新。
问题
您已经将 DigiCert 传感器安装在需要通过代理服务器与网络外通信的计算机上。现在,传感器无法将其发现结果转发至您的 CertCentral 帐户中的 Discovery,从而导致您无法看到扫描结果。
解决方案
将 DigiCert 传感器配置为使用代理服务器,使其可以和您的 CertCentral 帐户中的 Discovery 通信,从而使您可以看到扫描结果。
在开始之前
拥有使用代理服务器操作系统的经验。
您必须拥有管理员权限。
注意
必须在系统上安装传感器版本 3.8.26 或更高版本。
Configure proxy settings
From the sensor installation directory, access the config subdirectory.
Locate the file called proxy.properties. If it does not already exist, create it here. An example of this file is provided below.
Open the proxy.properties file in a text editor and configure the following parameters for proxy access:
enableProxy:
trueenables proxy access andfalsedisables it.httpsHost: IP address of the proxy server to use.
httpsHostPort: Port number for the proxy server.
httpsAuthUser: Username for authentication on the proxy server (basic authentication only), if required.
httpsAuthPassword: Password for authentication on the proxy server (basic authentication only), if required.
Restart the sensor service to encrypt the proxy passwords and upload the proxy information.
Alternatively, use the sensor
applyproxysettingscommand to apply the proxy settings without restarting the sensor:Windows: change into the sensor cli subdirectory and run
applyproxysettings.bat -file ..\config\proxy.propertiesLinux: change into the sensor cli subdirectory and run
./applyproxysettings.sh -file ../config/proxy.propertiesDocker: use the above Linux command if running from an interactive shell, or else run
docker exec -it <container-id/name> <sensor-install-path>/cli/applyproxysettings.sh -file <sensor-install-path>/config/proxy.properties
The following is an example of the config/proxy.properties file:
enableProxy=true httpsHost=10.125.125.125 httpsHostPort=443 httpsAuthUser=system01@Admin httpsAuthPassword=mypassword
接下来
传感器现在使用代理服务器将其发现结果转发至您的 CertCentral 帐户中的 Discovery,因此您可以看到扫描结果。