Want this feature implemented, too? Please upvote by clicking Thumbs up!
(Posts as a reply won't be published in this feature request thread. Read Me!)
As a PRTG user, I would like to have the SSL Certificate sensor use a Proxy, as other web based sensors can/do.
Details of user story
Like other sensors that need access to websites externally, and need to go through a proxy, add this feature to the SSL Certificate sensor.
I see that this could have 3 options:
- Proxy Off - This would be the default, so current sensors do not need to be reconfigured when the sensor is upgraded, or new ones created to monitor local Certificates.
- Use Inherited Proxy Setting - As per other current sensors.
- Use these Proxy Settings - To allow local override for this specific sensor and have the fields needed.
- Criterion #1 - The SSL Certificate sensor can be configured, as per other sensors, to use a proxy for communications.
- Criterion #2 - The certificate being tested is the destination certificate and not the Proxy's certificate.
We had a website that was on-prem and we have just moved it to the cloud. We were monitoring the Certificate successfully via the SSL Certificate sensor. This worked fine while on-prem, but I am getting the error "Failed to establish secure connection" now the site is in the cloud and the sensor needs to go through a Proxy to access it.
I have worked through the KB Article "How can I configure the WinHTTP proxy settings for the SSL Certificate sensor?". Which has not worked for me. Even after the server reboot. Using PRTG v18.104.22.1689+ on Windows 2012R2.
On a side note: You have to be careful to include the proxy bypass option if you use SCCM. WinHTTP is used to connect for updates and will stop working without one.
I have done some investigation. The proxy is not seeing any traffic from the probe for this sensor, other sensors that have a proxy setting are working.
Delving deeper I turned on the WinHTTP Event Trace Log and captured a sensor scan and the first thing I notice is the process is making a request to DNS to resolve the name of the website used in the sensor. Which means it is not using the proxy, if it was the probe would not be doing the DNS request it would send off the request to the proxy and let the proxy handle DNS resolution etc.