Troubleshooting
This section describes some common problems and their solutions.
Connectivity problems
We recommend the cURL tool to discover if a proxy causes connectivity problems.
Here is a log of a connection to PPRO's boarding API without a proxy, over the ‘naked’ internet:
--cacert
in the curl example below points to the CA as a file.
--cacert
in the curl example below points to the concatenated customer private key and PPRO-issued certificate in a single.
Use this command to connect to a normal Internet connection:
curl https://girolink.staging.techops.eu/status --cacert gltest.ca --cert cert.pem -v
Then:
1 Trying 35.157.49.47:443...
2 Connected to girolink.staging.techops.eu (35.157.49.47) port 443 (#0)
If there is a proxy between a development environment and PPRO, then there is a change in cURL's output (or similar). For exampleonboarding:
1 Uses proxy env variable HTTPS_PROXY == 'eu-webproxymain.servers.internet.prv:8080'
2 Trying 10.165.211.200:8080...
3 TCP_NODELAY set
4 Connected to eu-webproxymain.servers.internet.prv (10.165.211.200) port 8080 (#0)
In the code example above, you can see that the IP address on line 2 has been overwritten by the proxy of the customer in line 1. Line 4 is also overwritten as the proxy has taken over. This can have some side effects:
- PPRO always rejects the client SSL certificate with an HTTP400 error, because the proxy has its own SSL certificate.
- The certificate authority is never trusted unless overridden (with -k when using curl), because the proxy is also putting itself in the flow.
- Other behaviours of the proxy may disrupt authentication or connectivity.
You must bypass this intrusive proxy through a direct connection to the Internet; there is no immediate workaround for cases where a proxy disrupts secure communications to PPRO.
Updated about 1 year ago