Support for intercepting proxies with Connector Appliance
CLOUD STATUS
Now AvailablePlatform - Connector Appliance
Previously, the Connector Appliance bundled a set of trusted root certificate authorities which had been carefully selected and reviewed. These were used to validate any outgoing connections that the connector established. However, if an intercepting proxy was present which needed to 'man-in-the-middle' traffic between the Connector and its destination, the proxy would be the target of the connection. To do this, the proxy would present its own certificate which the Connector Appliance might not have recognised, resulting in the connection being terminated.
With this change, admins are able to provide a custom root certificate to be added to the bundle included with the Connector Appliance, allowing connections to be intercepted by proxies. This also allows verification of connections to on-premise components, for example when using Image Portability Service.
Documentation on how to configure root certificates can be found here.