Proxy Configuration Steps

By default, the Cloud Agent for Unix operates in non-proxy mode. The agent can be configured to use an HTTPS proxy for internet access.

 If the proxy connection fails, the Cloud Agent fails closed: it does not attempt a direct outbound connection.

Proxy Configuration Paths

Cloud Agent for Unix can be configured to use an HTTPS proxy through one of the following files:

  • /etc/environment
  • /etc/sysconfig/qualys-cloud-agent

Proxy Configuration Steps

Perform the following steps to configure the Unix Cloud Agent for using a proxy connection to communicate with our Enterprise TruRisk Platform.

  1. Check if the /etc/environment file is available. If it does not exist, create a new /etc/environment file.
  2. Add one of the following lines to the /etc/environment file.

    To configure the https_proxy variable:
    https_proxy=https://[<username>:<password>@]<host>[:<port>]

    To configure the qualys_https_proxy variable:
    qualys_https_proxy=https://[<username>:<password>@]<host>[:<port>]

    Where <username> and <password> are specified if the HTTPS proxy uses authentication. If special characters are embedded in the username or password (e.g. @, :, $) they need to be URL-encoded. The <host> tag specifies the proxy server's IPv4 address or FQDN, and the <port> tag specifies the proxy's port number.

    If the proxy is specified with the https_proxy environment variable, it will be used for all commands performed by the Cloud Agent. If the proxy is specified with the qualys_https_proxy environment variable, it will only be used by the Cloud Agent to communicate with our cloud platform.

     You can use the Proxy Configuration Encryption Utility to encrypt the user name and password that you provide to the proxy environment variable.

  3. Cloud Agent starts after installation.
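
An added example for step 2 (not part of the original Qualys documentation): a POSIX shell helper that percent-encodes the proxy username and password and prints the resulting /etc/environment line. The function names, the host proxy.example.internal and the sample credentials are constructed for illustration; the encoder escapes every byte outside the RFC 3986 unreserved set, a superset of the characters named in step 2.

```shell
#!/bin/sh
# Added example: build a proxy line for /etc/environment with URL-encoded
# credentials. Function names and sample values are constructed for illustration.

# Percent-encode every byte outside the RFC 3986 unreserved set
# (A-Z a-z 0-9 - . _ ~), working byte-wise so UTF-8 input is handled too.
urlencode() {
    out=""
    for hex in $(printf '%s' "$1" | od -An -v -t x1); do
        case "$hex" in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # Unreserved byte: convert hex -> octal escape -> literal char.
                out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
            *)
                out="$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
        esac
    done
    printf '%s' "$out"
}

# proxy_line VAR HOST [PORT] [USERNAME] [PASSWORD]
# VAR must be https_proxy or qualys_https_proxy (the two variables in step 2).
proxy_line() {
    var=$1 host=$2 port=$3 user=$4 pass=$5
    case "$var" in
        https_proxy|qualys_https_proxy) ;;
        *) echo "unsupported variable: $var" >&2; return 1 ;;
    esac
    case "$host" in            # IPv4 address or FQDN characters only
        ''|*[!A-Za-z0-9.-]*) echo "invalid host: $host" >&2; return 1 ;;
    esac
    case "$port" in            # optional, digits only
        *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    auth=""
    if [ -n "$user" ]; then
        auth="$(urlencode "$user"):$(urlencode "$pass")@"
    fi
    printf '%s=https://%s%s%s\n' "$var" "$auth" "$host" "${port:+:$port}"
}

# Constructed sample: password contains the @, : and $ characters.
proxy_line qualys_https_proxy proxy.example.internal 3128 'svc-agent' 'p@ss:w$rd'
# -> qualys_https_proxy=https://svc-agent:p%40ss%3Aw%24rd@proxy.example.internal:3128
```

Review the printed line before adding it to /etc/environment.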

 The proxy configuration steps for AIX systems are the same as those for Unix-based assets. However, the Proxy Auto-Configuration (PAC) and tls_proxy are not supported for AIX-based systems. Follow the above steps for proxy configuration of any Unix-based system.

QGS Proxy Configuration Steps

The QGS proxy needs certificates to connect to the Qualys Platform. The ca-bundle.crt file for QGS must come from the Cloud Agent server, as it contains the full certificate chain. You must also combine the Common CA Certificate with ca-bundle.crt, using the following steps:

  1. Run the following command on Unix assets to download the cacert.pem file.

    echo | openssl s_client -showcerts -servername <cloud_agent_server> -connect <cloud_agent_server>:443 2>/dev/null | openssl x509 -inform pem -out cacert.pem

    Where <cloud_agent_server> is the Cloud Agent Server URL. To find your server URL, refer to the Cloud Agent Servers section in Identify your Qualys platform.

    This command writes the retrieved certificate to the cacert.pem file.
  2. Rename the cacert.pem file to ca-bundle.crt.
  3. Download the Common CA certificate for the QGS proxy from the QGS user interface. To learn more about downloading a common certificate, refer to the Common CA Certificate of QGS.
  4. Add the QGS Appliance certificate content from the QGS Common certificate to the ca-bundle.crt you created. This is your combined ca-bundle.crt file.
  5. Copy the combined ca-bundle.crt file to the following location on your AIX assets.

    /var/ssl/certs/
  6. Restart the Cloud Agent service using the following command to apply the modified certificate to the QGS proxy.

    /opt/qualys/cloud-agent/bin/qcagent.sh restart
  7. Use the following command to check logs for any SSL/Certificate issues.

    tail -f /var/opt/qualys/qualys-cloud-agent.log