VMware VCSA Supported protocol for proxy server is HTTPS

VMware VCSA Supported protocol for proxy server is HTTPS

I’ve been working with someone recently who has not been able to download packages to virtual centre via HTTPS because their existing proxy works via HTTP.

Wait back up a second, can we create https connections via http proxy servers?

Short answer is yes. and I’m going to paraphrase user cyker from a stack overflow thread as to how.

“HTTPS uses SSL/TLS to ensure end-to-end security, establishing a secure communication channel for our traffic. If the HTTP proxy can see the contents, then it is now a man-in-the-middle eavesdropper defeating the goal of SSL/TLS. So how can we use HTTPS via a plain HTTP proxy?

By turning a HTTP proxy into a TCP proxy with a special command named CONNECT. Most HTTP proxies support this feature. The TCP proxy cannot see the HTTP content being transferred in clear text, but this does not mean it cannot forward packets back and forth. Allowing the client and server to communicate with each other securely via the proxy.”

VMware VCSA Supported protocol for proxy server is HTTPS

Which makes the above error about the “VMware VCSA Supported protocol for proxy server is HTTPS” a little confusing.

Workaround – Unsupported

The VCSA is released as an appliance.  Which if you squint looks a lot like, if you’ll forgive the massive over simplification, a linux distribution VM.  Well if it looks a bit like a linux VM then maybe we can configure it like a linux VM?

After a bit of an exploration in the VCSA, we find the following file “/etc/sysconfig/proxy”:

VMware VCSA Supported protocol for proxy server is HTTPS

Which looks promising! So editing that file to add a HTTPS_PROXY to it the line will look something like the below;

VMware VCSA Supported protocol for proxy server is HTTPS

In the above you can see i’ve added “http://my.proxy.net:80” to the “HTTPS_PROXY=” line.

How does that translate within the VCSA itself?

VMware VCSA Supported protocol for proxy server is HTTPS

Well well well, it looks like the edits to the “/etc/sysconfig/proxy” configuration file have been pushed up to the VCSA and I’m able to download files from a HTTPS source.

None of this is tested outside of anywhere but my lab, so please test yourself, make sure you document any changes and above all else consider all of the above unsupported!

Thanks

Simon

Looking to learn more about VMware?

Check out these books!

Need a summer Read?