Web Security Appliance (WSA) as SSL Proxy

asked 2018-06-15 07:20:47 -0500

Our company network is protected with a Cisco WSA, to inspect every outgoing or incoming SSL connection to/from the public internet. If you want to connect, the WSA takes your connection and plays proxy. The certificate the client sees is now the certificate the WSA shows him (normally a self-signed one).

We are aware that we have to feed our systems the additional certificates and rebuild the trust. This works fine. wget or curl trust the connections now. We do the same with the systemwide Java keystore and also with the keystore under /opt/puppetlabs/puppet/ssl/puppet-cacerts. After that we restart the puppetserver.

But we still get SSL errors when we try to install gems using "puppetserver gem install" or "puppet module install". Which sources do these use to establish their SSL trust?
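
An added example, not part of the original post and not Puppet's own code: it shows in Ruby why a certificate re-signed by an intercepting proxy validates in one trust store and fails in another that lacks the proxy's CA, and it lists the default CA locations the running Ruby's OpenSSL binding reports. The CA and host names are constructed, and whether puppetserver's JRuby or Puppet's bundled Ruby consult these defaults is an assumption the page does not settle.

```ruby
require "openssl"

# Build a certificate; self-signed (and marked as a CA) when no issuer is given.
def make_cert(subject, key, serial, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  constraint = issuer ? "CA:FALSE" : "CA:TRUE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Verify `leaf` against a store that trusts exactly `trusted_cas`.
def verify_with(leaf, trusted_cas)
  store = OpenSSL::X509::Store.new # starts empty; system defaults are not loaded
  trusted_cas.each { |ca| store.add_cert(ca) }
  ok = store.verify(leaf)
  { ok: ok, error: store.error_string }
end

# Default CA locations compiled into this interpreter's OpenSSL binding,
# plus the environment variables that override them.
def default_trust_paths
  { file: OpenSSL::X509::DEFAULT_CERT_FILE,
    dir: OpenSSL::X509::DEFAULT_CERT_DIR,
    file_env: OpenSSL::X509::DEFAULT_CERT_FILE_ENV,
    dir_env: OpenSSL::X509::DEFAULT_CERT_DIR_ENV }
end

# Constructed stand-ins: a proxy signing CA and a leaf it issued for a test host.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  proxy_ca = make_cert("/CN=Constructed Proxy CA", ca_key, 1)
  leaf = make_cert("/CN=forge.example.test", leaf_key, 2,
                   issuer: proxy_ca, issuer_key: ca_key)
  { with_ca: verify_with(leaf, [proxy_ca]), without_ca: verify_with(leaf, []) }
end

if __FILE__ == $0
  demo.each { |name, result| puts "#{name}: ok=#{result[:ok]} (#{result[:error]})" }
  default_trust_paths.each { |name, value| puts "#{name}: #{value}" }
end
```

Running `default_trust_paths` under each interpreter in question shows which CA file and directory that interpreter's OpenSSL binding treats as its defaults.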

