#54 add certmonger proxy support
Opened 2 years ago by c031917. Modified 2 years ago

Certmonger shall be able to contact an external PKI via SCEP through a corporate proxy.

Tests with setting the http_proxy in a shell and starting scep-submit directly work.

Then I configured the proxy systemd-wise:

In /usr/lib/systemd/certmonger.service there is already a link defined to add stuff:
[Service]
..
EnvironmentFile=/etc/sysconfig/certmonger

So in /etc/sysconfig/certmonger I added my proxy like this:

[Service]
Environment="http_proxy=http://proxyuser:proxypassword@proxyserver:proxyport"

After systemctl daemon-reload and systemctl restart certmonger my requests still do not get to the proxy.

Commenting out the EnvironmentFile line and adding the Environment line directly in certmonger.service had the same result.

So using getcert through a proxy does not work. It is as if the environment is not passed to the called helper scep-submit.

I quote Alexander Bokovoy here who confirmed my suspicion:
"I've checked certmonger source code and while libcurl can be configured to use a proxy and proxy authentication, certmonger does not configure it to do so.
As a result, environmental variables have no influence on the use of libcurl by certmonger"

So environment variables shall be propagated from certmonger to scep-submit.
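
How systemd reads a file named by EnvironmentFile=, as an added example that is not part of the ticket or of certmonger: a simplified Python model applied to the file content shown above and to a plain KEY=VALUE version of it. The function name `parse_env_file` and both sample files are constructed here; line continuations and escape sequences are not modelled.

```python
import re

# Constructed sample: the /etc/sysconfig/certmonger content shown in the ticket.
TICKET_FILE = """[Service]
Environment="http_proxy=http://proxyuser:proxypassword@proxyserver:proxyport"
"""
# Constructed sample: the same setting written as a plain assignment.
PLAIN_FILE = """# proxy for outbound SCEP requests
http_proxy=http://proxyuser:proxypassword@proxyserver:proxyport
"""

SECTION = re.compile(r"^\[[A-Za-z]+\]$")
# Unit-file directives that are sometimes pasted into an environment file.
DIRECTIVES = {"Environment", "EnvironmentFile", "PassEnvironment", "UnsetEnvironment"}


def parse_env_file(text):
    """Simplified model of how systemd reads an EnvironmentFile=.

    Returns (env, warnings). Lines that are empty, start with '#' or ';',
    or contain no '=' are ignored, as systemd.exec(5) describes.
    """
    env, warnings = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if SECTION.match(line):
            warnings.append(f"line {number}: section header {line} is ignored here")
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # one pair of surrounding quotes is removed
        if key in DIRECTIVES:
            warnings.append(
                f"line {number}: {key}= is a unit directive; this sets a variable named {key}")
        env[key] = value
    return env, warnings


if __name__ == "__main__":
    for name, text in (("ticket", TICKET_FILE), ("plain", PLAIN_FILE)):
        env, warnings = parse_env_file(text)
        print(name, sorted(env), warnings)
```

Under this model the ticket's file yields a variable named `Environment` and no `http_proxy`, while the plain form yields `http_proxy`; it says nothing about what certmonger passes on to scep-submit.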


Metadata Update from @c031917:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

2 years ago
