HTTPS Proxy Server Configuration
Access Manager Plus allows you to add a secure HTTPS proxy server by which you can re-route internal network traffic, allow your users to access local web pages, and use it for accessing websites in demilitarized zones. The target URL you are setting up as a connection could be an external website or an internal link in the intranet. Configure the HTTPS proxy server by providing your preferred port, KeyStore path and password to secure the connection to the target URL.
1. Steps to Configure the HTTPS Proxy Server
- Navigate to Admin >> Configuration >> HTTPS Proxy Server.
- By default, the HTTPS Proxy Server is already configured and running. To change the configuration as per your requirement, click Stop in the pop-up that appears.
- Once the Server Status changes to Not Running, enter the following attributes to reconfigure the server:
- Port: The default port is 9295, however you can enter the port of your choice.
- HTTPS connection: Enter the path and password of the KeyStore file for the SSL certificate you have provided while adding the connection. The KeyStore path is the location where all the SSL certificates added to your HTTPS connections are stored. The certificate you have provided will be imported into this KeyStore while adding the HTTPS connection.
- Click Save to save your settings and click Start to start the HTTPS Proxy server.
This is a one-time configuration. Once done, you can proceed to add the target URL as a HTTPS connection in the Manage tab.
Once the session to the target URL is launched from the Connections page, the web page will open in a new tab under your server URL and the custom port you have provided. For eg. https://server-name:9295/RID_1_.
2. Limitations of the HTTPS Proxy Server
- We support adding only HTTPS-based websites as connections in Access Manager Plus.
- If a user clicks through to a different URL and moves to another site from the target URL, their activity from there on will not go through the HTTPS proxy server. This also applies to websites that use other external sites for authentication purposes and such.
- As of now, it is possible to provide only the host name or domain name for the target URL. Usage of the target URL along with URI (Uniform Resource Identifier) is not yet supported.
- Websites that contain absolute css and js source paths are not yet supported.
- Websites that allow requests only from trusted domains are not yet supported.
- Connections to other ManageEngine product URLs such as Password Manager Pro, ServiceDesk Plus cannot be authenticated as they share common cookies with Access Manager Plus.