Rally SSL Deep Packet Inspection

book

Article ID: 222296

calendar_today

Updated On:

Products

CA Agile Central SaaS (Rally)

Issue/Introduction

Are there any issues with implementing SSL deep packet inspection via a corporate firewall or proxy server? 

Environment

Release : SAAS

Component :

Resolution

In general, deep packet inspection does not cause issues with Rally access via the UI as the appropriate internal certificates are usually in place through an Active Directory group policy, for example. 

Where there can be issues, however, is when customers have integrations that are set up to pull data out of Rally or perform routine maintenance like disabling inactive users.  In those cases, certain scripting languages in use like, Ruby and Python, will have their own key store and won't be aware of the internal certificates being used and execution will often fail due to SSL verification failures.

Special measures typically have to be taken in those cases like installing the internal certificates into the Ruby or Python key store, excluding those machines from packet inspection, or modifying the code to not fail on an SSL verification failure.