Rally SSL Deep Packet Inspection


Article ID: 222296


Updated On:


CA Agile Central SaaS (Rally)


Are there any issues with implementing SSL deep packet inspection via a corporate firewall or proxy server? 


Release : SAAS

Component :


In general, deep packet inspection does not cause issues with Rally access via the UI as the appropriate internal certificates are usually in place through an Active Directory group policy, for example. 

Where there can be issues, however, is when customers have integrations that are set up to pull data out of Rally or perform routine maintenance like disabling inactive users.  In those cases, certain scripting languages in use like, Ruby and Python, will have their own key store and won't be aware of the internal certificates being used and execution will often fail due to SSL verification failures.

Special measures typically have to be taken in those cases like installing the internal certificates into the Ruby or Python key store, excluding those machines from packet inspection, or modifying the code to not fail on an SSL verification failure.