# Set up proxy access for your on-prem agent
A proxy server allows an on-prem agent to operate in an environment with limited internet connectivity.
PKIX PATH BUILDING FAILED ERROR
This error occurs when the on-prem agent can't validate the SSL certificate of Workato's servers. Common causes include a misconfigured proxy, a missing CA certificate in the Java truststore, or SSL inspection by a firewall.
Refer to PKIX path building failed error for more information.
To define proxy settings for your agent, create a proxy section in your configuration file with the following parameters and modify your agent's activation command:
| Config file definition | Description | Activation command parameter |
|---|---|---|
host | The IP address of the host. | --proxy-host=<host-ip-address> |
port | The port number the proxy uses. | --proxy-port=<port-number> |
username | Optional. Defines a username for the connection. | --proxy-username=<username> |
password | Optional. Defines a password for the connection. | --proxy-password=<password> |
Run the activate script with --help parameter to display the full list of accepted parameters.
SET UP A SECURE TUNNEL
Ensure your proxy server allows CONNECT requests to the Workato gateways sg3.workato.com and sg4.workato.com if you plan to establish a secure tunnel.
# Example configuration
The following config.yml section defines a password-protected proxy connection:
proxy:
host: 192.168.1.1
port: 8080
username: proxy_user
password: proxy_password
database: ...
jms: ...
The following command activates the agent and connects it to the password-protected proxy:
bin\activate.cmd --code={activation-code} --proxy-host=192.168.1.1 --proxy-port=8080 --proxy-username=proxy_user --proxy-password=proxy_password
Last updated: 6/16/2025, 6:06:44 PM