This section describes some common problems and their solutions.

Connectivity problems

We recommend the cURL tool to discover if a proxy causes connectivity problems.

Here is a log of a connection to PPRO's boarding API without a proxy, over the ‘naked’ internet:

--cacert in the curl example below points to the CA as a file.

--cacert in the curl example below points to the concatenated customer private key and PPRO-issued certificate in a single.

Use this command to connect to a normal Internet connection:

curl https://girolink.staging.techops.eu/status --cacert gltest.ca --cert cert.pem -v

Then:

1 Trying 35.157.49.47:443...

2 Connected to girolink.staging.techops.eu (35.157.49.47) port 443 (#0)

If there is a proxy between a development environment and PPRO, then there is a change in cURL's output (or similar). For exampleonboarding:

1 Uses proxy env variable HTTPS_PROXY == 'eu-webproxymain.servers.internet.prv:8080'

2 Trying 10.165.211.200:8080...

3 TCP_NODELAY set

4 Connected to eu-webproxymain.servers.internet.prv (10.165.211.200) port 8080 (#0)

In the code example above, you can see that the IP address on line 2 has been overwritten by the proxy of the customer in line 1. Line 4 is also overwritten as the proxy has taken over. This can have some side effects:

PPRO always rejects the client SSL certificate with an HTTP400 error, because the proxy has its own SSL certificate.
The certificate authority is never trusted unless overridden (with -k when using curl), because the proxy is also putting itself in the flow.
Other behaviours of the proxy may disrupt authentication or connectivity.

You must bypass this intrusive proxy through a direct connection to the Internet; there is no immediate workaround for cases where a proxy disrupts secure communications to PPRO.